
It’s My Privilege: Controlling Downgrading in DC-Labels

Conference paper in: Security and Trust Management (STM 2015), part of the book series Lecture Notes in Computer Science (LNSC, volume 9331).

Abstract

Disjunction Category Labels (DC-labels) are an expressive label format used to classify the sensitivity of data in information-flow control systems. DC-labels use capability-like privileges to downgrade information. Inappropriate use of privileges can compromise security, but DC-labels provide no mechanism to ensure appropriate use. We extend DC-labels with the novel notions of bounded privileges and robust privileges. Bounded privileges specify and enforce upper and lower bounds on the labels of data that may be downgraded. Bounded privileges are simple and intuitive, yet can express a rich set of desirable security policies. Robust privileges can be used only in downgrading operations that are robust, i.e., the code exercising privileges cannot be abused to release or certify more information than intended. Surprisingly, robust downgrades can be expressed in DC-labels as downgrading operations using a weakened privilege. We provide sound and complete run-time security checks to ensure downgrading operations are robust. We illustrate the applicability of bounded and robust privileges in a case study as well as by identifying a vulnerability in an existing DC-label-based application.
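To make the abstract's notions concrete, the following is an added example (not code from the paper or from the Hails/LIO projects) of a minimal DC-label checker: labels are pairs of negation-free CNF formulas over principals, flows are decided by implication, and a privilege is a formula that is conjoined into the check when downgrading. The `BoundedPrivilege` class is a simplified reading of the abstract's description of bounded privileges (the privilege may only be exercised on data whose label lies between a lower and an upper bound); its exact rule is an assumption of this example, not the paper's definition. The scenario (principals `alice`, `bob`, `carol`, and the bounded privilege `ALICE_BOUNDED`) is constructed.

```python
"""Toy DC-label checker with a bounded privilege.

Added example, not code from the paper. The label and privilege checks
follow the DC-label definitions of Stefan et al.; the bounded-privilege
rule is a simplified reading of the abstract (bounds on the label of the
data being downgraded) and is an assumption of this example.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable

Clause = FrozenSet[str]       # disjunction of principals: {a, b} means a ∨ b
Formula = FrozenSet[Clause]   # conjunction of clauses (CNF); empty set is True


def cnf(*clauses: Iterable[str]) -> Formula:
    """Build a CNF formula; cnf(["alice"], ["bob"]) is alice ∧ bob."""
    return frozenset(frozenset(c) for c in clauses)


TRUE: Formula = cnf()


def implies(a: Formula, b: Formula) -> bool:
    """a ⇒ b for negation-free CNF: each clause of b must contain some clause of a."""
    return all(any(d <= c for d in a) for c in b)


@dataclass(frozen=True)
class Label:
    secrecy: Formula    # who must consent before the data is read
    integrity: Formula  # who vouches for the data


def can_flow_to(src: Label, dst: Label) -> bool:
    """src ⊑ dst: dst is at least as secret and at most as trustworthy as src."""
    return implies(dst.secrecy, src.secrecy) and implies(src.integrity, dst.integrity)


def can_flow_to_p(priv: Formula, src: Label, dst: Label) -> bool:
    """Flow permitted while exercising privilege priv (declassify and/or endorse)."""
    return (implies(priv | dst.secrecy, src.secrecy)
            and implies(priv | src.integrity, dst.integrity))


@dataclass(frozen=True)
class BoundedPrivilege:
    """Assumed rule: priv may only downgrade data whose label is within [lower, upper]."""
    priv: Formula
    lower: Label
    upper: Label

    def permits(self, src: Label, dst: Label) -> bool:
        in_bounds = can_flow_to(self.lower, src) and can_flow_to(src, self.upper)
        return in_bounds and can_flow_to_p(self.priv, src, dst)


# Constructed scenario: alice holds a privilege that is bounded so it can
# release data owned jointly by alice and bob, but not data carol also owns.
ALICE = cnf(["alice"])
ALICE_AND_BOB = Label(cnf(["alice"], ["bob"]), TRUE)
ALICE_BOB_CAROL = Label(cnf(["alice"], ["bob"], ["carol"]), TRUE)
BOB_ONLY = Label(cnf(["bob"]), TRUE)
BOB_AND_CAROL = Label(cnf(["bob"], ["carol"]), TRUE)

ALICE_BOUNDED = BoundedPrivilege(priv=ALICE, lower=Label(ALICE, TRUE), upper=ALICE_AND_BOB)


def demo() -> dict:
    """Return the outcome of each constructed downgrade attempt."""
    return {
        "no_priv": can_flow_to(ALICE_AND_BOB, BOB_ONLY),
        "raw_priv": can_flow_to_p(ALICE, ALICE_AND_BOB, BOB_ONLY),
        "raw_priv_carol": can_flow_to_p(ALICE, ALICE_BOB_CAROL, BOB_AND_CAROL),
        "bounded": ALICE_BOUNDED.permits(ALICE_AND_BOB, BOB_ONLY),
        "bounded_carol": ALICE_BOUNDED.permits(ALICE_BOB_CAROL, BOB_AND_CAROL),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} {'allowed' if ok else 'denied'}")
```

The contrast between `raw_priv_carol` and `bounded_carol` is the point of the abstract's first contribution: an unrestricted privilege for `alice` lets her drop her own conjunct from any label she appears in, whereas the bounded version refuses the data that `carol` co-owns because that label lies above the privilege's upper bound.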

This work is supported in part by the National Science Foundation under Grants 1054172 and 1421770, DARPA CRASH under contract #N66001-10-2-4088, the Swedish research agencies VR and STINT, and the Barbro Osher Pro Suecia foundation.

A. Russo: Work done while visiting Stanford.


Notes

  1. https://github.com/scslab/hails/tree/master/examples/hails-rock.


Author information

Correspondence to Lucas Waye.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Waye, L., Buiras, P., King, D., Chong, S., Russo, A. (2015). It’s My Privilege: Controlling Downgrading in DC-Labels. In: Foresti, S. (ed.) Security and Trust Management. STM 2015. Lecture Notes in Computer Science, vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_13

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science (R0)
