Dynamic Policies Revisited
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0001-6005-5992
2022 (English). In: Proceedings - 7th IEEE European Symposium on Security and Privacy, Euro S and P 2022, Institute of Electrical and Electronics Engineers (IEEE), 2022, pp. 448-466. Conference paper, published paper (refereed).
Abstract [en]

The relationship between information flow control and dynamic policies is difficult and not yet fully understood. While dynamic policies are a natural choice in many real-world applications that downgrade and upgrade the sensitivity of information, understanding the meaning of security in this setting is challenging. In this paper we revisit knowledge-based security conditions to reinstate a simple and intuitive security condition for dynamic policies: a program is secure if, at any point during the execution, the attacker's knowledge is in accordance with the security policy active at that execution point. Our key observation is the new notion of policy consistency, which prevents policy changes whenever an attacker is already in possession of the information that the new policy intends to protect. We use this notion to study a range of realistic attackers, including the perfect-recall attacker, bounded attackers, and forgetful attackers, and their relationship. Importantly, our new security condition provides a clean connection between the dynamic policy and the underlying attacker model, independently of the specific use case. We illustrate this by considering the different facets of dynamic policies in our framework. On the verification side, we design and implement DynCoVer, a tool for checking dynamic information-flow policies for Java programs via symbolic execution and SMT solving. Our verification operates by first extracting a graph of program dependencies and then visiting the graph to check dynamic policies for a range of attackers. We evaluate the effectiveness and efficiency of DynCoVer on a benchmark of use cases from the literature and designed by ourselves, as well as on the case study of a social network. The results show that DynCoVer can analyze small but intricate programs, indicating that it can help verify security-critical parts of Java applications. We release DynCoVer publicly to support open science and encourage researchers to explore the topic further.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022. pp. 448-466
National subject category
Computer Systems; Other Electrical Engineering and Electronics
Identifiers
URN: urn:nbn:se:kth:diva-309603
DOI: 10.1109/EuroSP53844.2022.00035
ISI: 000851574500027
Scopus ID: 2-s2.0-85134038311
OAI: oai:DiVA.org:kth-309603
DiVA id: diva2:1642743
Conference
7th IEEE European Symposium on Security and Privacy, Genoa, 6 June 2022 through 10 June 2022
Projects
JointForce, InferViz, TrustFull
Note

QC 20220927

Part of proceedings: ISBN 978-166541614-6

Available from: 2022-03-07. Created: 2022-03-07. Last updated: 2022-09-27. Bibliographically approved.

Open Access in DiVA

Full text (843 kB), 433 downloads
File information
File name: FULLTEXT01.pdf. File size: 843 kB. Checksum (SHA-512):
c4d426764ed66f8183182def0e1390c2d03c131e0b84f99dd8ece72fa15993083628c0d3387ff7cf2e3796231a8cc2d0a5c693e2f1b66b82b86e37295fcbc4fd
Type: full text. MIME type: application/pdf

Other links

Publisher's full text; Scopus

Persons

Ahmadian, Amir M.; Balliu, Musard


Total: 443 downloads
The number of downloads is the sum of downloads for all full texts. It may include, for example, earlier versions that are no longer available.

Total: 1109 hits