Abstract
Decentralized information flow control (DIFC) systems provide strong protection for data secrecy and integrity. However, the complicated configuration of information flow between system objects increases the chance of misconfiguration, making the system vulnerable to attackers. In this paper we first present a systematic analysis of misconfigurations and the security threats they pose to DIFC systems. We then define the security analysis problem for DIFC configurations on the basis of a formal state-transition model, which allows model checkers either to prove that a configuration is secure or to detect misconfigurations that violate the desired security goal. The experiment shows that bounded model checking techniques combined with a novel preprocessing algorithm are effective in solving this problem.
Acknowledgements
This work was supported by AFOSR FA9550-07-1-0527 (MURI), ARO W911NF-09-1-0525 (MURI), NSF CNS-0905131, NSF CNS-1223710, ARO W911NF1210055, and U.S. ARL and U. K. MoD W911NF-06-3-0001. The authors would like to thank Yue Zhang, Jun Wang, William Robert Grace and Eunsuk Kang for their valuable feedback. The authors would also like to thank all the anonymous reviewers for their detailed comments and suggestions.
Copyright information
© 2013 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Zhao, M., Liu, P. (2013). Modeling and Checking the Security of DIFC System Configurations. In: Al-Shaer, E., Ou, X., Xie, G. (eds) Automated Security Management. Springer, Cham. https://doi.org/10.1007/978-3-319-01433-3_2
DOI: https://doi.org/10.1007/978-3-319-01433-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-01432-6
Online ISBN: 978-3-319-01433-3
eBook Packages: Computer Science (R0)