Information flow policies

by Fred Foster.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on data security  

You are here: Categories » Computers and technology » Data security

Information flow policies define the way information moves throughout a system. Typically, these policies are designed to preserve confidentiality of data or integrity of data. In the former, the policy's goal is to prevent information from flowing to a user not authorized to receive it. In the latter, information may flow only to processes that are no more trustworthy than the data.

Any confidentiality and integrity policy embodies an information flow policy.

EXAMPLE: The Bell-LaPadula Model describes a lattice-based information flow policy. Given two compartments A and B, information can flow from an object in A to a subject in B if and only if B dominates A.

Let x be a variable in a program. The notation x refers to the information flow class of x.

EXAMPLE: Consider a system that uses the Bell-LaPadula Model. The variable x, which holds data in the compartment (TS, { NUC, EUR }), is set to 3. Then x = 3 and x = (TS, { NUC, EUR }).

Intuitively, information flows from an object x to an object y if the application of a sequence of commands c causes the information initially in x to affect the information in y.

The command sequence c causes a flow of information from x to y if, after execution of c, some information about the value of x before c was executed can be deduced from the value of y after c was executed.

This definition views information flow in terms of the information that the value of y allows one to deduce about the value in x. For example, the statement

y := x;

reveals the value of x in the initial state, so information about the value of x in the initial state can be deduced from the value of y after the statement is executed. The statement

y := x / z;

reveals some information about x, but not as much as the first statement.

The final result of the sequence c must reveal information about the initial value of x for information to flow. The sequence

tmp := x;  y := tmp;

has information flowing from x to y because the (unknown) value of x at the beginning of the sequence is revealed when the value of y is determined at the end of the sequence. However, no information flow occurs from tmp to x, because the initial value of tmp cannot be determined at the end of the sequence.

EXAMPLE: Consider the statement

x := y + z;

Let y take any of the integer values from 0 to 7, inclusive, with equal probability, and let z take the value 1 with probability 0.5 and the values 2 and 3 with probability 0.25 each. Once the resulting value of x is known,the initial value of y can assume at most three values. Thus, information flows from y to x. Similar results hold for z.


EXAMPLE: Consider a program in which x and y are integers that may be either 0 or 1. The statement

if x = 1 then y := 0;  else y := 1;

does not explicitly assign the value of x to y.

Assume that x is equally likely to be 0 or 1. Then H(xs) = 1. But H(xs | yt) = 0, because if y is 0, x is 1, and vice versa. Hence, H(xs | yt) = 0 < H(xs | ys) = H(xs) = 1. Thus, information flows from x to y.

An implicit flow of information occurs when information flows from x to y without an explicit assignment of the form y := f(x), where f(x) is an arithmetic expression with the variable x.

The flow of information occurs, not because of an assignment of the value of x, but because of a flow of control based on the value of x. This demonstrates that analyzing programs for assignments to detect information flows is not enough. To detect all flows of information, implicit flows must be examined.

Information Flow Models and Mechanisms

An information flow policy is a security policy that describes the authorized paths along which that information can flow. Each model associates a label, representing a security class, with information and with entities containing that information. Each model has rules about the conditions under which information can move throughout the system.

In this tutorial, we use the notation x <= y to mean that information can flow from an element of class x to an element of class y. Equivalently, this says that information with a label placing it in class x can flow into class y.

The models of information flow policies were lattices. We first consider nonlattice information flow policies and how their structures affect the analysis of information flow. We then turn to compiler-based information flow mechanisms and runtime mechanisms. We conclude with a look at flow controls in practice.

Share
Leave a comment or ask a question
Total comments: 0

Data security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Online Security on Public Computers - Using public computers can put you at risk for password hackers who use tools such as keystroke logging devices. Find out how to protect yourself from criminals preying on public computers. (more...)
How to Create a Strong Password - Using a password keeper can help you keep your online information more secure by allowing you to create more complex passwords for your Internet accounts without having to remember them. Here a (more...)
How Many Passwords do You Know to Protect Your Computer Privacy - 1.Administrators Password: It is the most common way to lock your computer. But is it the safest way? Mostly, it is the easiest way to lock your computer. How to (more...)
What will be a perfect password - Myth: if it is encrypted, it is secure Truth: if it is not encrypted, it is not secure Before creating a password you should know: ⑴ NO passwo (more...)
How to bypass Windows Password - Forgot or lost windows password? Have been locked out of computer? Do not want to reinstall the computer because there is vital data on your computer? Oh, well, it is not that scar (more...)
UniKey API protection scheme ensures the highest security for software vendors - A question that regularly was come up is whether software could be one hundred percent secured by a dongle, or thought some dongles have been seriously cracked, why most expensive software still us (more...)
Sharing online passwords with important people - On the surface, it might seem ludicrous to think that anyone would want to share their important Internet passwords with other people. But the truth is that there are many instances where you might (more...)
Using tags can help you organize your passwords - For people with multiple Internet log-ins, keeping them organized can be incredibly complex. A service like Mitto.com can simplify the process by allowing you to attach tags to your log-in info (more...)
Rogue antispyware is a danger for all Internet users - There are several common but very popular viruses that everyone can catch nowadays. That's swine flue and malicious software. Swine flue can be dangerous to your health though in the most cases it (more...)
Spyware - Anyone who owns a computer knows about the threats of viruses and worms. But over the past ten years there has bean another concern annoying computer owners to death. This problem is Sp (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.