Automatic analysis of DIFC systems using noninterference with declassification

Bibliographic Details
Published in: Neural computing & applications Vol. 34; no. 12; pp. 9385 - 9396
Main Authors: Li, Wenfa, Yang, Zhi, Liu, Jia
Format: Journal Article
Language: English
Published: London Springer London 01.06.2022
Springer Nature B.V
ISSN: 0941-0643, 1433-3058
Description
Summary: Information flow control (IFC) can effectively resist Trojans and viruses that steal information from systems, and is usually adopted to protect the confidentiality of systems with a high security level. However, covert channel attacks can bypass IFC by exploiting its implementation defects. Thus, it is crucial to verify the system security and identify potential covert channels. Decentralized IFC (DIFC) is a key innovation that provides new flexible mechanisms, including decentralized declassification and taint tracking. However, the flexibility of DIFC systems also brings security risks. At present, there is a lack of a systematic and automatic security analysis approach for complex DIFC systems. In this paper, we propose a formal and automatic method to analyze the security of DIFC systems by using the FDR2 tool. We provide a new definition of noninterference, based on which the security analysis is performed. The analysis results indicate that our approach can both effectively detect covert channels in DIFC systems and accommodate conditional declassification information. The proposed method is more efficient and accurate than existing manual methods of covert channel detection.
DOI: 10.1007/s00521-021-06334-7