A Policy Model for Secure Information Flow

When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce wh...
Adedayo Adetoye, Atta Badii
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where IFIP
Authors Adedayo Adetoye, Atta Badii