Permissive runtime information flow control in the presence of exceptions

2021, pp. 1-41
Author(s): Abhishek Bichhawat, Vineet Rajani, Deepak Garg, Christian Hammer

Information flow control (IFC) has been extensively studied as an approach to mitigate information leaks in applications. A vast majority of existing work in this area is based on static analysis. However, some applications, especially on the Web, are developed using dynamic languages like JavaScript where static analyses for IFC do not scale well. As a result, there has been a growing interest in recent years to develop dynamic or runtime information flow analysis techniques. In spite of the advances in the field, runtime information flow analysis has not been at the helm of information flow security, one of the reasons being that the analysis techniques and the security property related to them (non-interference) over-approximate information flows (particularly implicit flows), generating many false positives. In this paper, we present a sound and precise approach for handling implicit leaks at runtime. In particular, we present an improvement and enhancement of the so-called permissive-upgrade strategy, which is widely used to tackle implicit leaks in dynamic information flow control. We improve the strategy’s permissiveness and generalize it. Building on top of it, we present an approach to handle implicit leaks when dealing with complex features like unstructured control flow and exceptions in higher-order languages. We explain how we address the challenge of handling unstructured control flow using immediate post-dominator analysis. We prove that our approach is sound and precise.

2019, Vol 48 (2), pp. 299-315
Author(s): Marcus Mikulcak, Paula Herber, Thomas Göthel, Sabine Glesner

Simulink and its state machine design toolbox Stateflow are widely-used industrial tools for the development of complex embedded systems. Due to the strongly differing execution semantics of Simulink and Stateflow, the analysis of combined models poses a difficult challenge. In this paper, we present a novel approach to relate the semantics of both the dynamic and the controller components and use it to perform an information flow analysis on a combined model consisting of discrete Simulink components and Stateflow controllers. The key idea of our approach is that we analyze the information flow in a given model by computing an over-approximation of the control flow, and deduce whether all control flow conditions combined permit information to flow on a given path or not. Our control flow analysis approach is threefold: (1) we identify timed path conditions which capture the conditions for time-dependent information flow on paths of interest for (discrete) Simulink components, and translate them into a UPPAAL timed automata representation, (2) we translate the Stateflow components to UPPAAL timed automata, and (3) we perform model checking on the resulting set of automata to analyze the existence of paths in the combined model. With our approach, we safely rule out the existence of information flow on specific paths through a model, which enables us to reason about non-interference between model parts and the compliance with security policies. Furthermore, our approach presents a starting point to generate feasible, efficient test cases and to perform compositional verification. We demonstrate the applicability of our approach using two versions of a complex case study from the automotive domain consisting of multiple safety-critical components communicating over a shared bus system.


2021, Vol 2021, pp. 1-22
Author(s): Zhanhui Yuan, Wenfa Li, Zhi Yang, Lei Sun, Xuehui Du, ...

Mobile operating systems such as Android face serious security risks. First, they have a large number of users and store large amounts of users' private data, which have become major targets of network attacks; second, their openness leads to high security risks; third, their coarse-grained static permission control mechanism leads to a large number of privacy leaks. Recent decentralized information flow control (DIFC) operating systems such as Asbestos, HiStar, and Flume dynamically adjust the label of each process. Asbestos contains inherent covert channels due to this implicit label adjustment. The others close these covert channels through the use of explicit label change, but this impedes communication and increases performance overhead. We present an enhanced implicit label change model (EILCM) for mobile operating systems that closes the known covert channel in these models with implicit label change and supports dynamic constraints on tags for separation of duty. We also formally analyze the reasons why EILCM can close the known covert channels and prove that abstract EILCM systems have the security property of noninterference with declassification by means of the model checker FDR. We also prove that the problem of EILCM policy verification is NP-complete and propose a backtracking-based search algorithm to solve it. Experiments are presented to show that the algorithm is effective.


Author(s): Allaoua Maamir, Abdelaziz Fellah

One of the main goals of information flow control is to enforce privacy and regulated accessibility. However, most information flow models that have been proposed either do not provide substantial assurance that end-to-end confidentiality policies are enforced, or they are too restrictive, overprotective, and inflexible. This paper presents an approach to controlling information flow in object-oriented systems using versions, thus allowing considerable flexibility without compromising system security by leaking sensitive information. Models based on message filtering intercept every message exchanged among objects to control the flow of information. Versions are proposed to provide flexibility and avoid unnecessary and undesirable blocking of messages during the filtering process. Two kinds of operations are supported by versions: cloning reply and non-cloning reply. Furthermore, we present an algorithm which enforces message filtering through these operations.


2015, Vol 50 (9), pp. 289-301
Author(s): Pablo Buiras, Dimitrios Vytiniotis, Alejandro Russo

IEEE Access, 2021, Vol 9, pp. 15156-15169
Author(s): Zhao Zhang, Zhi Yang, Xuehui Du, Wenfa Li, Xingyuan Chen, ...

2016, Vol 4 (1), pp. 40-55
Author(s): Yinghui Yang, Jianhua Li, Qingwei Meng, Mingli Nan

To strengthen operational process analysis and normalize the description of information requirements in systemic operations based on information systems, a new operational architecture modeling method is proposed from the perspective of information flow analysis. An operational architecture modeling framework based on information flow analysis is established with reference to the American Department of Defense Architecture Framework (DoDAF V2.0). Concepts of entities, relationships, attributes and mapping rules are defined. An operational activity model, an operational node model and an information alternation model are constructed. Finally, an aerial assault operation is taken as an example to demonstrate the modeling process. Simulation results show that operational process analysis is more refined and information requirement descriptions are more visible, normalized and clear, which validates the feasibility and validity of the method and models.

