PSU CSE 543 - Flow with Decentralized Labels

Slide 1: "Complete, Safe Information Flow with Decentralized Labels"
Andrew C. Myers and Barbara Liskov (MIT)
Presenters: Wilfred Glover-Akpey and Anuj Sawani

Slide 2: Background
- "A Decentralized Model for Information Flow Control", Andrew C. Myers and Barbara Liskov
- A new model for controlling information flow in systems with mutual distrust and decentralized authority.
- The model allows users to share information with distrusted code.
- The model improves on existing multilevel security models.

Slide 3: Background (continued)
- Shows how static program analysis can be used to certify proper information flows in this model.
- Principals can attach flow policies to pieces of data.
- Principals can declassify labels by modifying their own policies.
- It is compatible with static checking of information flow.

Slide 4: Contribution
- They extend the model to allow safe relabeling that the previous work does not support.
- This work defines a model that enables them to know which relabelings are legal.
- They define a rule for static checking and are also able to prove that it is both sound and complete for all safe relabelings that it allows.
- Label checking and label inference are shown to be easy and efficient when using this newly defined rule.

Slide 5: Decentralized Label Model: What is it?
- Labels allow individual owners of information to express their own policies.
- Owners are principals.
- Some principals are authorized to act for other principals.
- Every value used or computed in a program execution has an associated label.
- Label: a set of components, each of which expresses a policy for a single owner. Equivalently, a set of flows, where a flow is an (owner, reader) pair.
- Policy: a set of readers permitted by the owner to read the data.
- Principal hierarchy: the acts-for relations between principals in the system.

Slide 6: The Patient/Doctor Example
Principals:
- For patients we have Patient_A
- For doctors we have doctor_B
- HMO: maintains the patient's medical history and tracks information flow of the patient

Slide 7: The Patient/Doctor Example (continued)
(figure only)

Slide 8: Related Work
- "Lattice Model of Information Flow", Bell, LaPadula and Denning: early work.
- "(ORAC) model" by C. McCollum et al.: dynamically checked.
- "The Chinese Wall policy", Brewer & Nash, etc.: complex aggregate policies, and others.
- "Certification of Programs for Information Flow", by Dorothy and Peter Denning: static analysis of security guarantees, and others.

Slide 9: Questions?

Slide 10: Melissa Virus
- Microsoft Word-based macro virus
- Circumvents poor program policy
- Uses VB script extensions
- Spreads via emails; 1.2 billion affected
- Solution: language-based security to prevent malicious information flow

Slide 11: Formal model for labels
L = { o1 : r1, r2 ; o2 : r2, r3 }
- Label: set of components
- Each component: a policy for a single owner
(figure: a component, with Owner as the value and Readers as the variables)

Slide 12: Notations and Symbols
- K ∈ L: component K in L
- R_K: set of readers of component K
- Principal hierarchy: consists of the acts-for relations between principals in the system
- In the principal hierarchy P, x can act for y
- P' extends P

Slide 13: The Label: Set of Flows
- Information flow denoted by (o_K, r)
- Flow set constraints:
  - Reader constraint: if the flow set contains (o, r) and r' acts for r, then the set contains (o, r').
  - Owner constraint: if the flow set contains (o, r) and o' acts for o, then the set contains (o', r).
- Label's interpretation: a function X that maps a label to a set of flows.

Slide 14: Sound and Complete Relabeling (no new flows added)
- A reader may be dropped from some owner's reader set.
- A new owner may be added to the label, with an arbitrary reader set.
- A reader may be added as long as it can act for some member of the reader set.
- An owner may be replaced by an owner that acts for it.

Slide 15: Static Correctness Condition
- Relabeling from L1 to L2 in principal hierarchy P
- Valid only if no new flows are added
- Example:
  DATA L1 = {patient_A : doctors}
  DATA L2 = {HMO_records : doctor_B}
  (figure: relabeling from the less restrictive to the more restrictive label; the "where" condition is not captured in the text preview)

Slide 16: Static vs Dynamic Checking
- Consider the code below (b more restrictive than x):
  x = 0; if (b == 1) x = 1;
- Run-time check:
  - Case 1: b = false, program continues.
  - Case 2: b = true, program aborts (type check fails).
  - Implicit flow.
- Compile-time check: failure will not give any info about x or b.

Slide 17: Static Checking: Definitions of Join and Meet
- Join:
  - Result of a computation (such as adding two numbers)
  - Concatenation of all components
  - Least restrictive upper bound
- Meet:
  - Useful for automatic label inference
  - Join of all pair-wise components
  - Most restrictive lower bound

Slide 18: Conclusion
- Describes a complete relabeling rule for the decentralized label model
- Makes the model more practical and usable
- Provides flexibility
- Safe