Adding Flexibility in Information Flow Control for Object-Oriented Systems Using Versions

2003 ◽  
Vol 13 (03) ◽  
pp. 313-325 ◽  
Author(s):  
Allaoua Maamir ◽  
Abdelaziz Fellah
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Object Oriented ◽  
Control Flow ◽  
Sensitive Information ◽  
Information Flow Control ◽  
Flow Models ◽  
Information Models ◽  
Flow Information ◽  
Object Oriented Systems

One of the main features of information flow control is to ensure the enforcement of privacy and regulated accessibility. However, most information flow models that have been proposed do not provide substantial assurance to enforce end-to-end confidentiality policies or they are too restrictive, overprotected, and inflexible. This paper presents an approach to control flow information in object-oriented systems using versions, thus allowing considerable flexibility without compromising system security by leaking sensitive information. Models based on message filtering intercept every message exchanged among objects to control the flow of information. Versions are proposed to provide flexibility and avoid unnecessary and undesirable blocking of messages during the filtering process. Two options of operations are supported by versions — cloning reply and non-cloning reply. Furthermore, we present an algorithm which enforces message filtering through these operations.

Exception-based information flow control in object-oriented systems

1998 ◽  
Vol 1 (1) ◽  
pp. 26-65 ◽  
Author(s):  
Elisa Bertino ◽  
Sabrina De Capitani Di Vimercati ◽  
Elena Ferrari ◽  
Pierangela Samarati
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Object Oriented ◽  
Information Flow Control ◽  
Object Oriented Systems

Information flow control in object-oriented systems

1997 ◽  
Vol 9 (4) ◽  
pp. 524-538 ◽  
Author(s):  
P. Samarati ◽  
E. Bertino ◽  
A. Ciampichetti ◽  
S. Jajodia
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Object Oriented ◽  
Information Flow Control ◽  
Object Oriented Systems

ASSOCIATION-BASED INFORMATION FLOW CONTROL IN OBJECT-ORIENTED SYSTEMS

2004 ◽  
Vol 14 (03) ◽  
pp. 291-322
Author(s):  
SHIH-CHIEN CHOU ◽  
YING-KAI WEN
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Information Leakage ◽  
Object Oriented ◽  
Control Model ◽  
Program Execution ◽  
Information Flows ◽  
Information Flow Control ◽  
Object Oriented Systems

Controlling information flows to prevent information leakage within an application is essential. According to the maturity of object-oriented techniques, many models were developed for the control in object-oriented systems. Since objects may be dynamically instantiated during program execution, controlling information flows among objects is difficult. Our research revealed that association is useful in the control. We developed an association-based information flow control model for object-oriented systems. It precisely controls information flows among objects through associations and constraints. It also offers features such as controlling method invocation through argument sensitivity, allowing declassification, allowing purpose-oriented method invocation, and precisely controlling write access. This paper proposes the model and the implementation of the model, which is composed of the language AbFlow (association-based flow) and its supporting environment.

scholarly journals Flexible dynamic information flow control in the presence of exceptions

2017 ◽  
Vol 27 ◽  
Author(s):  
DEIAN STEFAN ◽  
DAVID MAZIÈRES ◽  
JOHN C. MITCHELL ◽  
ALEJANDRO RUSSO
Keyword(s):  
Flow Control ◽  
Information Flow ◽  
Information Leakage ◽  
Coarse Grained ◽  
Sensitive Information ◽  
Data Confidentiality ◽  
Information Flow Control ◽  
Dynamic Information ◽  
Discretionary Access Control ◽  
Fine Grained

AbstractWe describe a language-based, dynamic information flow control (IFC) system called LIO. Our system presents a new design point for IFC, influenced by the challenge of implementing IFC as a Haskell library, as opposed to the more typical approach of modifying the language runtime system. In particular, we take a coarse-grained, floating-label approach, previously used by IFC Operating Systems, and associate a single, mutable label—thecurrent label—with all the data in a computation's context. This label is always raised to reflect the reading of sensitive information and it is used to restrict the underlying computation's effects. To preserve the flexibility of fine-grained systems, LIO also provides programmers with a means for associating an explicit label with a piece of data. Interestingly, these labeled values can be used to encapsulate the results of sensitive computations which would otherwise lead to the creeping of the current label. Unlike other language-based systems, LIO also bounds the current label with acurrent clearance, providing a form of discretionary access control that LIO programs can use to deal with covert channels. Moreover, LIO provides programmers with mutable references and exceptions. The latter, exceptions, are used in LIO to encode and recover from monitor failures, all while preserving data confidentiality and integrity—this addresses a longstanding concern that dynamic IFC is inherently prone to information leakage due to monitor failure.

Sign in / Sign up

Export Citation Format

Share Document