Abstract. Disjunction Category Labels (DC-labels) are an expressive label format used to classify the sensitivity of data in information-flow control systems. DC-labels use capability-like privileges to downgrade information. Inappropriate use of privileges can compromise security, but DC-labels provide no mechanism to ensure appropriate use. We extend DC-labels with the novel notions of bounded privileges and robust privileges. Bounded privileges specify and enforce upper and lower bounds on the labels of data that may be downgraded. Bounded privileges are simple and intuitive, yet can express a rich set of desirable security policies. Robust privileges can be used only in downgrading operations that are robust, i.e., the code exercising privileges cannot be abused to release or certify more information than intended. Surprisingly, robust downgrades can be expressed in DC-labels as downgrading operations using a weakened privilege. We provide sound and complete run-time security checks to ensure downgrading operations are robust. We illustrate the applicability of bounded and robust privileges in a case study as well as by identifying a vulnerability in an existing DC-label-based application.
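As an added illustration (example code, not code from the DC-labels paper or from this page), the following Python models DC-labels and a bounded privilege. Labels are pairs of monotone CNF formulas over principals, and downgrading with a privilege p uses the standard DC-label rule L1 ⊑_p L2 iff (S2 ∧ p) ⇒ S1 and (I1 ∧ p) ⇒ I2. The bounded-privilege check, which requires the label of the data being downgraded to lie between the privilege's lower and upper bound, is this example's reading of the abstract's "upper and lower bounds" and not the paper's definition; the principal names, labels and policy are constructed for the example, and robust privileges are not modeled.

```python
from dataclasses import dataclass

# A clause is a disjunction of principals ({"alice", "bob"} reads "alice OR bob");
# a formula is a conjunction of clauses. No negation, so implication is monotone.
TRUE = frozenset()                  # empty conjunction: the formula True (public / untrusted)
FALSE = frozenset({frozenset()})    # the empty clause: the formula False (top secrecy / full trust)


def cnf(*clauses):
    """Build a formula from clauses given as a principal name or an iterable of names."""
    return frozenset(frozenset([c]) if isinstance(c, str) else frozenset(c) for c in clauses)


def implies(a, b):
    """a => b for monotone CNF: every clause of b must be a superset of some clause of a."""
    return all(any(ca <= cb for ca in a) for cb in b)


@dataclass(frozen=True)
class Label:
    secrecy: frozenset    # who may read: more clauses / smaller clauses = more secret
    integrity: frozenset  # who vouches: more clauses = more trusted

    def can_flow_to(self, other, priv=TRUE):
        """L1 ⊑_p L2 iff (S2 ∧ p) ⇒ S1 and (I1 ∧ p) ⇒ I2; with priv=TRUE this is plain ⊑."""
        return (implies(other.secrecy | priv, self.secrecy)
                and implies(self.integrity | priv, other.integrity))


def privilege(*principals):
    """A privilege is a conjunction of principals; holding it lets code speak for each of them."""
    return cnf(*principals)


@dataclass(frozen=True)
class BoundedPrivilege:
    """A privilege that may only downgrade data whose label lies between lo and hi.

    This [lo, hi] interpretation of the abstract's "upper and lower bounds" is an
    assumption of this example, not the paper's definition.
    """
    priv: frozenset
    lo: Label
    hi: Label

    def can_downgrade(self, src, dst):
        in_bounds = self.lo.can_flow_to(src) and src.can_flow_to(self.hi)
        return in_bounds and src.can_flow_to(dst, self.priv)


# Constructed labels for the example (not from the paper).
BOTTOM = Label(TRUE, FALSE)                          # public, fully trusted: flows anywhere
PUBLIC = Label(TRUE, TRUE)                           # public, untrusted
ALICE_SECRET = Label(cnf("alice"), TRUE)             # readable only by alice, unendorsed
ALICE_ENDORSED = Label(cnf("alice"), cnf("alice"))   # alice's secret, vouched for by alice
ALICE_AND_BOB = Label(cnf("alice", "bob"), TRUE)     # both must consent to release
ALICE_OR_BOB = Label(cnf(("alice", "bob")), TRUE)    # either may release

# Alice's privilege, bounded so it only declassifies data alice has endorsed:
# hi = <alice, alice> rules out alice-secret data with untrusted (attacker-influenced) integrity.
ALICE_BOUNDED = BoundedPrivilege(privilege("alice"), lo=BOTTOM, hi=ALICE_ENDORSED)


def policy_checks():
    """Return the decisions a runtime monitor would make for the constructed scenario."""
    return {
        "secret_to_public_without_priv": ALICE_SECRET.can_flow_to(PUBLIC),
        "secret_to_public_with_alice": ALICE_SECRET.can_flow_to(PUBLIC, privilege("alice")),
        "joint_secret_alice_alone": ALICE_AND_BOB.can_flow_to(PUBLIC, privilege("alice")),
        "either_secret_alice_alone": ALICE_OR_BOB.can_flow_to(PUBLIC, privilege("alice")),
        "bounded_endorsed_data": ALICE_BOUNDED.can_downgrade(ALICE_ENDORSED, PUBLIC),
        "bounded_unendorsed_data": ALICE_BOUNDED.can_downgrade(ALICE_SECRET, PUBLIC),
    }


if __name__ == "__main__":
    for name, ok in policy_checks().items():
        print(f"{name:32s} {'ALLOW' if ok else 'DENY'}")
```

The last two checks show the point of the bound: the unbounded privilege for alice would declassify both labels, but the bounded one refuses alice-secret data that nobody vouches for, so an attacker who can influence unendorsed inputs cannot launder them through alice's declassifier.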
This paper introduces an algebra for expressing security policies with particular application to cryptographic methods of storing information. The algebra is composed of operands, which are cryptographic functions dependent upon an algorithm and a key, and a set of operators. By combining expressions in meaningful ways, security policies can be represented. The advantages of this are that the categories and classifications of information can clearly be seen, the representation of security policies can be concise, and a model represented in the algebra may be translated readily into a configuration of cryptographic keys, thus simplifying the otherwise difficult task of ...