End-to-End Availability Policies and Noninterference

Abstract

This paper introduces the use of static information flow analysis for the specification and enforcement of end-to-end availability policies in programs. We generalize the decentralized label model, which is about confidentiality and integrity, to also include security policies for availability. These policies characterize acceptable risks by representing them as principals. We show that in this setting, a suitable extension of noninterference corresponds to a strong, end-to-end availability guarantee. This approach provides a natural way to specify availability policies and enables existing static dependency analysis techniques to be adapted for availability. The paper presents a simple language in which fine-grained information security policies can be specified as type annotations. These annotations can include requirements for all three major security properties: confidentiality, integrity, and availability. The type system for the language provably guarantees that any well-typed program has the desired noninterference properties, ensuring confidentiality, integrity, and availability.

References

Page 1

	Year	Citations
Practical Byzantine fault tolerance Miguel Castro, Barbara Liskov Operating Systems Design and Implementation Hardware SecurityCluster ComputingBlockchain Consensus ProtocolFault-tolerant NetworkEngineering	1999	3.3K
Probability and Statistics With Reliability, Queuing, and Computer Science Applications. W. A. Thompson, Kishor S. Trivedi Journal of the American Statistical Association EngineeringDiscrete ProbabilityStochastic PhenomenonSystem ReliabilityQueueing Theory	1983	2.6K
Practical byzantine fault tolerance and proactive recovery Miguel Castro, Barbara Liskov ACM Transactions on Computer Systems Distributed File SystemBlockchain Consensus ProtocolEngineeringInformation SecurityFault Tolerance	2002	2.4K
Security Policies and Security Models Joseph A. Goguen, José Meseguer Computer EthicEngineeringUsable SecurityInformation SecurityModern World	1982	2.1K
Language-based information-flow security Andrei Sabelfeld, Andrew C. Myers IEEE Journal on Selected Areas in Communications Secret Input DataEngineeringInformation SecuritySoftware AnalysisFormal Verification	2003	1.9K
Proving the Correctness of Multiprocess Programs Leslie Lamport IEEE Transactions on Software Engineering Informal ProofsEngineeringStepwise RefinementVerificationComputer-aided Verification	1977	1.1K
Certification of programs for secure information flow Dorothy E. Denning, Peter J. Denning Communications of the ACM EngineeringInformation SecuritySoftware AnalysisFormal VerificationLattice Structure	1977	1K
A sound type system for secure flow analysis Dennis Volpano, Cynthia Irvine, Geoffrey Smith Journal of Computer Security EngineeringInformation SecuritySecurity EvaluationSecure Flow AnalysisSoftware Analysis	1996	958
Tentative steps toward a development method for interfering programs Cliff B. Jones ACM Transactions on Programming Languages and Systems	1983	607
A calculus for access control in distributed systems Martı́n Abadi, Michael T. Burrows, Butler Lampson, ACM Transactions on Programming Languages and Systems EngineeringLogical Access ControlAccess MethodInformation SecurityAccess Control	1993	573

Page 1