Programmable enforcement framework of information flow policies

M. Ngo; F. Massacci

Programmable enforcement framework of information flow policies

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

We propose a programmable framework that can be easily instantiated to enforce a large variety of information flow properties. Our framework is based on the idea of secure multi-execution in which multiple instances of the controlled program are executed in parallel. The information flow property of choice can be obtained by simply implementing programs that control parallel executions. We present the architecture of the enforcement mechanism and its instantiations for non-interference (NI) (from Devriese and Piessens), non-deducibility (ND) (from Sutherland) and some properties proposed by Mantel, such as removal of inputs (RI) and deletion of inputs (DI), and demonstrate formally soundness and precision of enforcement for these properties.

Original language	English
Title of host publication	ICTCS 2014 - Proceedings of the 15th Italian Conference on Theoretical Computer Science
Editors	A. Formisano, S. Bistarelli
Publisher	CEUR-WS
Pages	197-211
Publication status	Published - 2014
Externally published	Yes
Event	15th Italian Conference on Theoretical Computer Science, ICTCS 2014 - Perugia, Italy Duration: 17 Sept 2014 → 19 Sept 2014

Publication series

Name	CEUR Workshop Proceedings
ISSN (Print)	1613-0073

Conference

Conference	15th Italian Conference on Theoretical Computer Science, ICTCS 2014
Country/Territory	Italy
City	Perugia
Period	17/09/14 → 19/09/14

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{e1ea81ad537c4d9d84cc6bbb8da9a09b,

title = "Programmable enforcement framework of information flow policies",

abstract = "We propose a programmable framework that can be easily instantiated to enforce a large variety of information flow properties. Our framework is based on the idea of secure multi-execution in which multiple instances of the controlled program are executed in parallel. The information flow property of choice can be obtained by simply implementing programs that control parallel executions. We present the architecture of the enforcement mechanism and its instantiations for non-interference (NI) (from Devriese and Piessens), non-deducibility (ND) (from Sutherland) and some properties proposed by Mantel, such as removal of inputs (RI) and deletion of inputs (DI), and demonstrate formally soundness and precision of enforcement for these properties.",

author = "M. Ngo and F. Massacci",

year = "2014",

language = "English",

series = "CEUR Workshop Proceedings",

publisher = "CEUR-WS",

pages = "197--211",

editor = "A. Formisano and S. Bistarelli",

booktitle = "ICTCS 2014 - Proceedings of the 15th Italian Conference on Theoretical Computer Science",

note = "15th Italian Conference on Theoretical Computer Science, ICTCS 2014 ; Conference date: 17-09-2014 Through 19-09-2014",

}

Programmable enforcement framework of information flow policies. / Ngo, M.; Massacci, F.
ICTCS 2014 - Proceedings of the 15th Italian Conference on Theoretical Computer Science. ed. / A. Formisano; S. Bistarelli. CEUR-WS, 2014. p. 197-211 (CEUR Workshop Proceedings).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Programmable enforcement framework of information flow policies

AU - Ngo, M.

AU - Massacci, F.

PY - 2014

Y1 - 2014

N2 - We propose a programmable framework that can be easily instantiated to enforce a large variety of information flow properties. Our framework is based on the idea of secure multi-execution in which multiple instances of the controlled program are executed in parallel. The information flow property of choice can be obtained by simply implementing programs that control parallel executions. We present the architecture of the enforcement mechanism and its instantiations for non-interference (NI) (from Devriese and Piessens), non-deducibility (ND) (from Sutherland) and some properties proposed by Mantel, such as removal of inputs (RI) and deletion of inputs (DI), and demonstrate formally soundness and precision of enforcement for these properties.

AB - We propose a programmable framework that can be easily instantiated to enforce a large variety of information flow properties. Our framework is based on the idea of secure multi-execution in which multiple instances of the controlled program are executed in parallel. The information flow property of choice can be obtained by simply implementing programs that control parallel executions. We present the architecture of the enforcement mechanism and its instantiations for non-interference (NI) (from Devriese and Piessens), non-deducibility (ND) (from Sutherland) and some properties proposed by Mantel, such as removal of inputs (RI) and deletion of inputs (DI), and demonstrate formally soundness and precision of enforcement for these properties.

UR - https://www.scopus.com/pages/publications/84908543890

UR - https://www.scopus.com/inward/citedby.url?scp=84908543890&partnerID=8YFLogxK

M3 - Conference contribution

T3 - CEUR Workshop Proceedings

SP - 197

EP - 211

BT - ICTCS 2014 - Proceedings of the 15th Italian Conference on Theoretical Computer Science

A2 - Formisano, A.

A2 - Bistarelli, S.

PB - CEUR-WS

T2 - 15th Italian Conference on Theoretical Computer Science, ICTCS 2014

Y2 - 17 September 2014 through 19 September 2014

ER -

Programmable enforcement framework of information flow policies

Abstract

Publication series

Conference

Persistent URL (handle)

Other files and links

Fingerprint

Cite this