Mechanisms of neuroprogression and interventions to predict and arrest it
- Research Article
2
- 10.1016/j.cose.2018.07.005
- Jul 29, 2018
- Computers & Security
CDroid: practically implementation a formal-analyzed CIFC model on Android
- Conference Article
- 10.2991/ameii-15.2015.195
- Jan 1, 2015
Fine-grained information flow tracking inside the virtual machine is the basis for transparent, program-level control on a cloud platform. Information flow control restricts access to sensitive information within a process: once a process's security level has been raised by reading sensitive data, it can no longer read or write non-sensitive data, so coarse-grained information flow control struggles to meet diverse practical requirements. This paper proposes an extended DIFC (Distributed Information Flow Control) model. By transferring authority, the model avoids the defect that a cloud-platform virtual machine component, having been raised to a higher security level by reading sensitive data, can no longer send or modify non-sensitive data; it thereby overcomes the coarse granularity of existing information flow control methods and their inability to meet practical requirements. The model guarantees tracking and control of fine-grained information flows within virtual machine applications without affecting the operation of the original cloud services.
- Research Article
1
- 10.1016/j.cose.2012.08.002
- Aug 14, 2012
- Computers & Security
Optimal mining on security labels for decentralized information flow control
- Conference Article
- 10.1109/compcomm.2016.7924667
- Oct 1, 2016
Data security concerns are one of the obstacles to adopting cloud computing on a large scale. In particular, users cannot control how SaaS applications use their data in the SaaS cloud, and it is hard to verify whether the security protocols have actually been performed. In addition, the single-instance, multi-tenant service model creates a threat of data leakage between tenants who share the same application instance. This paper proposes a universal dynamic data protection scheme for SaaS cloud services. The scheme focuses on how to use the decentralized information flow control (DIFC) model to prevent cloud programs from revealing users' private data and to stop data leakage between tenants. A project application example is given and its security is analyzed. The scheme has the advantage that the security policy can be set independently by the user. It realizes distributed authorization, and the policy enforcement can be implemented with a small amount of trusted code, which makes code monitoring easier.
- Research Article
4
- 10.1016/j.cose.2022.102678
- Mar 11, 2022
- Computers & Security
DIFCS: A Secure Cloud Data Sharing Approach Based on Decentralized Information Flow Control
- Book Chapter
- 10.1007/978-981-10-8944-2_94
- Aug 23, 2018
This paper presents a capability-based decentralized information flow control (DIFC) model and implements this model on a Barrelfish kernel. In this model, we use a uniform abstraction, capabilities, to describe the restriction rules and manipulate information labels. The structure of our model is concise and easy to implement on a real-world system. We have added several system calls to the Barrelfish kernel, including secure message passing, compartment allocation and capability transfer. The results show that the capability-based DIFC rules ensure the security and integrity of the system communication mechanism with a small amount of system overhead.
- Research Article
1
- 10.1016/j.cose.2024.103975
- Jul 3, 2024
- Computers & Security
Data usage control enables data owners to enforce policies for their data by defining authorizations, but also obligations, which are actions to be performed before, during or after being granted access (such as accepting web cookies), and conditions bearing on system and environment attributes, e.g., the time. Usage control is often coupled with information flow control to monitor how data are propagated. While usage control is well established and modeled in centralized systems, the literature has only partially addressed usage control for distributed systems, for instance by distributing the usage control system components. However, when it comes to assigning a policy to certain data, it is always enforced by a central authority. This paper proposes an extended usage control model that integrates decentralized information flow control (DIFC), which enables users to decide collectively which policy to apply to their common data. Functions to handle connection status are also considered, for dynamic Internet of Things (IoT) or peer-to-peer networks where parts of the distributed network can be disconnected. Architectural aspects and formal definitions to enable decentralized policies for shared data are proposed as a novelty resulting from the integration of DIFC. We used the TLA+ formal specification language on the proposed model and its attached model checker TLC to detect potential issues. We detected potential deadlocks due to the new connection functions as well as temporal ordering issues, and then suggested mitigations accordingly. A privacy analysis is provided using a car-sharing scenario to highlight the benefits of usage control.
- Research Article
4
- 10.1016/j.jss.2004.03.017
- May 12, 2004
- The Journal of Systems & Software
An agent-based inter-application information flow control model
- Book Chapter
14
- 10.1007/978-3-642-05089-3_49
- Jan 1, 2009
Decentralized Information Flow Control (DIFC) systems enable programmers to express a desired DIFC policy, and to have the policy enforced via a reference monitor that restricts interactions between system objects, such as processes and files. Past research on DIFC systems focused on the reference-monitor implementation, and assumed that the desired DIFC policy is correctly specified. The focus of this paper is an automatic technique to verify that an application, plus its calls to DIFC primitives, does indeed correctly implement a desired policy. We present an abstraction that allows a model checker to reason soundly about DIFC programs that manipulate potentially unbounded sets of processes, principals, and communication channels. We implemented our approach and evaluated it on a set of real-world programs.
- Conference Article
1
- 10.1109/eurosp53844.2022.00037
- Jun 1, 2022
Information flow control is a canonical approach to access control in systems, allowing administrators to assure confidentiality and integrity through restricting the flow of data. Decentralized Information Flow Control (DIFC) harnesses application-layer semantics to allow more precise and accurate mediation of data. Unfortunately, past approaches to DIFC have depended on dedicated instrumentation efforts or developer buy-in. Thus, while DIFC has existed for decades, it has seen little-to-no adoption in commodity systems; the requirement for complete redesign or retrofitting of programs has proven too high a barrier. In this work, we make the surprising observation that developers have already unwittingly performed the instrumentation efforts required for DIFC — application event logging, a software development best practice used for telemetry and debugging, often contains the information needed to identify application-layer event processes that DIFC mediates. We present T-difc, a kernel-layer reference monitor framework that leverages the insights of application event logs to perform precise decentralized flow control. T-difc identifies and extracts these application events as they are created by monitoring application I/O to log files, then references an administrator-specified security policy to assign data labels and mediate the flow of data through the system. To our knowledge, T-difc is the first approach to DIFC that does not require developer support or custom instrumentation. In a survey of 15 popular open source applications, we demonstrate that T-difc works seamlessly on a variety of popular open source programs while imposing negligible runtime overhead on realistic policies and workloads. Thus, T-difc demonstrates a transparent and non-invasive path forward for the dissemination of decentralized information flow controls.
- Research Article
1
- 10.1155/2021/2481818
- Aug 24, 2021
- Security and Communication Networks
Mobile operating systems such as Android are facing serious security risks. First, they have a large number of users and store large amounts of users' private data, which have become major targets of network attacks; second, their openness leads to high security risks; third, their coarse-grained static permission control mechanism leads to a large number of privacy leaks. Recent decentralized information flow control (DIFC) operating systems such as Asbestos, HiStar, and Flume dynamically adjust the label of each process. Asbestos contains inherent covert channels due to this implicit label adjustment. The others close these covert channels through the use of explicit label change, but this impedes communication and increases performance overhead. We present an enhanced implicit label change model (EILCM) for mobile operating systems that can close the known covert channel in these models with implicit label change and supports dynamic constraints on tags for separation of duty. We also formally analyze the reasons why EILCM can close the known covert channels and prove that abstract EILCM systems have the security property of noninterference with declassification by virtue of the model checker tool FDR. We also prove that the problem of EILCM policy verification is NP-complete and propose a backtrack-based search algorithm to solve the problem. Experiments are presented to show that the algorithm is effective.
- Conference Article
1
- 10.1109/cis.2014.48
- Nov 1, 2014
The new generation of avionics systems has three major technical characteristics: high resource sharing, data integration and software intensiveness. However, in a cooperative combat environment, sensitive information may be leaked or tampered with when combat aircraft communicate with each other. In this paper, starting from a single-node information flow control model and combining it with PCS, we propose a distributed information flow control model for MILS, construct the PCS information flow control strategy and combine it with the information flow control strategies of other trusted components to form a multi-level information flow control policy framework, then design the PCS information flow control mechanism and realize distributed information flow control in MILS. Analysis and verification show that the distributed information flow security control method for MILS can effectively ensure the confidentiality and integrity of the information among the nodes.
- Conference Article
42
- 10.1109/csf.2015.42
- Jul 1, 2015
Because information flow control mechanisms often rely on an underlying authorization mechanism, their security guarantees can be subverted by weaknesses in authorization. Conversely, the security of authorization can be subverted by information flows that leak information or that influence how authority is delegated between principals. We argue that interactions between information flow and authorization create security vulnerabilities that have not been fully identified or addressed in prior work. We explore how the security of decentralized information flow control (DIFC) is affected by three aspects of its underlying authorization mechanism: first, delegation of authority between principals, second, revocation of previously delegated authority, third, information flows created by the authorization mechanisms themselves. It is no surprise that revocation poses challenges, but we show that even delegation is problematic because it enables unauthorized downgrading. Our solution is a new security model, the Flow-Limited Authorization Model (FLAM), which offers a new, integrated approach to authorization and information flow control. FLAM ensures robust authorization, a novel security condition for authorization queries that ensures attackers cannot influence authorization decisions or learn confidential trust relationships. We discuss our prototype implementation and its algorithm for proof search.
- Research Article
1
- 10.5121/ijsptm.2016.5301
- Aug 30, 2016
- International Journal of Security, Privacy and Trust Management
Information flow control (IFC) is useful in preventing information leakage during software execution. Our survey reveals that no IFC model is applied to the entire software development process. Applying an IFC model to the entire software development process offers the following features: (1) the viewpoints of all stakeholders (i.e., customers and analysts) can be included, and (2) the IFC model helps correct statements that may leak information during every development phase. In addition to the fact that no IFC model is applied to the entire software development process, we failed to identify an IFC model that can reduce runtime overhead. Based on the above, we designed a new IFC model named PrcIFC (process IFC). PrcIFC is applied to the entire software development process. Moreover, PrcIFC is disabled after software testing to reduce runtime overhead.
- Conference Article
14
- 10.1145/2991079.2991109
- Dec 5, 2016
Cloud computing platforms are now constructed as distributed, modular systems of cloud services, which enable cloud users to manage their cloud resources. However, in current cloud platforms, cloud services fully trust each other, so a malicious user may exploit a vulnerability in a cloud service to obtain unauthorized access to another user's data. To date, over 150 vulnerabilities have been reported in cloud services in the OpenStack cloud. Research efforts in cloud security have focused primarily on attacks originating from user VMs or compromised operating systems rather than threats caused by the compromise of distributed cloud services, leaving cloud users open to attacks from these vulnerable cloud services. In this paper, we propose the Pileus cloud service architecture, which isolates each user's cloud operations to prevent vulnerabilities in cloud services from enabling malicious users to gain unauthorized access. Pileus deploys stateless cloud services on demand to service each user's cloud operations, limiting cloud services to the permissions of individual users. Pileus leverages the decentralized information flow control (DIFC) model for permission management, but the Pileus design addresses special challenges in the cloud environment to: (1) restrict how cloud services may be allowed to make security decisions; (2) select trustworthy nodes for access enforcement in a dynamic, distributed environment; and (3) limit the set of nodes a user must trust to service each operation. We have ported the OpenStack cloud platform to Pileus, finding that we can systematically prevent compromised cloud services from attacking other users' cloud operations with less than 3% additional latency for the operation. Application of the Pileus architecture to OpenStack shows that confined cloud services can service users' cloud operations effectively for a modest overhead.