Making Information Flow Work: Declassification, Accountability, and Mediation for Secure Systems
Abstract
Cybersecurity is enforced today by using mechanisms for restricting access to information containers. What actually needs to be enforced is access to information and restrictions on information flows. To bridge this gap, system designers make assumptions about where certain information will be stored and how that information can be accessed. Those assumptions undermine system security, because they can themselves be vulnerabilities and they weaken assurance arguments. Mechanisms have been explored for enforcing access to information. Each piece of information is assigned a security label that associates restrictions about access and flows with it. Declassification -- where a more-restrictive label is replaced by a less-restrictive one -- is typically supported. However, methods do not exist for establishing that declassifications preserve an intended security policy. One thrust of the proposed research will be the development of such methods by formulating suitable hyperproperties -- because classical non-interference security policies do not provide the necessary flexibility -- and by developing methods for verifying those hyperproperties. The second thrust of the proposed research is to develop a theory of applied information flow that can be used for analyzing systems. The theory would identify actual information flows in a system, rather than giving the conservative approximations that current methods provide. Such a theory would provide ways to establish what inputs and internal components are actually accountable for a system output, even in the presence of correlated but not causally-connected values, which is what system builders require for identifying system components that can serve as mediation points in a design. A theory along these lines can also serve as a framework for comparing the effectiveness of various kinds of mediators, including those used for sanitization and declassification.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Mar 06, 2024
- Source ID: FA95502310435
Entities
People
- Fred B. Schneider
Organizations
- Air Force Office of Scientific Research
- Cornell University
- United States Air Force