CPL - Chalmers Publication Library

Controlling Dependencies for Security and Privacy

Arnar Birgisson (Department of Computer Science and Engineering, Software Technology (Chalmers))
Göteborg: Chalmers University of Technology, 2011. ISBN: 1652-876X. 103 pp.

This thesis explores several ways to diversify the field of Information Flow Control. At the heart of the field lie, on the one hand, policies for describing limitations on information dependencies induced by a program and, on the other hand, mechanisms to enforce such policies. We aim to improve the current state of the art by pointing out areas where current policy definitions and enforcement mechanisms fall short in terms of providing information confidentiality and integrity. We identify that integrity properties often must go beyond simple data dependencies, provide a notion of generalized invariants for describing certain program correctness properties, and show that their enforcement can be incorporated in a standard monitor for Information Flow Control. For confidentiality, we show that termination-insensitive security definitions may not be appropriate when programs can be invoked multiple times by an attacker, and suggest an improvement to type-based enforcement that extends the security definition to the multirun case. Furthermore, we seek overlaps between Information Flow Control and other fields. We explore the application of capability systems to enforce Information Flow Control policies, with positive results. We also study how tracking of data dependencies can be applied to improve the programming model for Differential Privacy, a framework providing strong theoretical guarantees regarding privacy-preserving use of data.

Keywords: information security, information flow, dependency analysis, information integrity, information confidentiality, privacy


This record was created 2011-05-24. Last modified 2011-06-14.
CPL Pubid: 140998



Departments (Chalmers)

Department of Computer Science and Engineering, Software Technology (Chalmers)


Information and Communication Technology


Related publications

Included papers:

Unifying Facets of Information Integrity


Date: 2011-06-17
Time: 10:00
Venue: Room EC, EDIT
Opponent: Sergio Maffeis, Imperial College, London, UK

Part of series

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University