Mining for Mutation Operators for Reduction of Information Flow Control Violations
The unintentional flow of confidential data to unauthorised users is a serious software security vulnerability. Detection and repair of such errors is a non-trivial task that has been worked on by the security community for many years. More recently, dynamic approaches, such as HyperGI, have been introduced that use hypertesting and genetic improvement to not only detect, but also provide a patch that reduces such information flow control violations. However, empirical studies performed so far have used mostly generic mutation operators, potentially limiting the strength of this approach. In this new ideas paper we mine the National Vulnerabilities Database to find repairs of information leaks. Of 636 issues initially identified, we found 73 fixes that relate to information leaks and come with open source patches to the code. From these, we identified 10 types of mutation operators with potential to fix such issues. Six of these have so far never been used to fix information leaks via automated mutation to the code. We propose that these could help improve effectiveness of tools using the HyperGI approach.
- Conference Article
- 10.2991/ameii-15.2015.195
- Jan 1, 2015
Fine-grained information flow tracking inside the virtual machine is the basis for program-level control on a transparent cloud platform. Coarse-grained information flow control cannot meet the diverse demands of practice: once a process has been raised to a higher security level in order to access sensitive data, it can no longer read or write non-sensitive data, and it may leak sensitive data by transferring its authority. This paper proposes an extended DIFC (Distributed Information Flow Control) model. The model prevents a component of the cloud platform's virtual machine from sending or modifying non-sensitive data by transferring authority after it has read higher-level sensitive data, and thereby overcomes the coarse granularity of existing information flow control methods and their inability to meet practical requirements. The model guarantees tracking and control of fine-grained information flow within virtual machine applications without affecting the operation of the original cloud services.
- Research Article
- 10.5204/mcj.1975
- Aug 1, 2002
- M/C Journal
Making Data Flow
- Research Article
37
- 10.1016/j.jss.2021.111138
- Nov 10, 2021
- Journal of Systems and Software
The security of software-intensive systems is frequently attacked. High fines or loss in reputation are potential consequences of not maintaining confidentiality, which is an important security objective. Detecting confidentiality issues in early software designs enables cost-efficient fixes. A Data Flow Diagram (DFD) is a modeling notation, which focuses on essential, functional aspects of such early software designs. Existing confidentiality analyses on DFDs support either information flow control or access control, which are the most common confidentiality mechanisms. Combining both mechanisms can be beneficial but existing DFD analyses do not support this. This lack of expressiveness requires designers to switch modeling languages to consider both mechanisms, which can lead to inconsistencies. In this article, we present an extended DFD syntax that supports modeling both information flow and access control in the same language. This improves expressiveness compared to related work and avoids inconsistencies. We define the semantics of extended DFDs by clauses in first-order logic. A logic program made of these clauses enables the automated detection of confidentiality violations by querying it. We evaluate the expressiveness of the syntax in a case study. We attempt to model nine information flow cases and six access control cases. We successfully modeled fourteen out of these fifteen cases, which indicates good expressiveness. We evaluate the reusability of models when switching confidentiality mechanisms by comparing the cases that share the same system design, which are three pairs of cases. We successfully show improved reusability compared to the state of the art. We evaluated the accuracy of confidentiality analyses by executing them for the fourteen cases that we could model and observed good accuracy.
- Conference Article
- 10.1109/prdc53464.2021.00018
- Dec 1, 2021
This research is supported by the China National R&D Key Research Program (2019YFB1705703) and the Interdisciplinary Program of SJTU, Shanghai, China (No. YG2019ZDA07).
- Conference Article
1
- 10.1109/compsac.2015.195
- Jul 1, 2015
Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web services do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that allows each domain to define its own IFC policies while WS-AIFC remains capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record a dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service-based systems.
- Abstract
1
- 10.1186/1471-2202-12-s1-o15
- Jul 18, 2011
- BMC Neuroscience
Control of information flow between neurons or groups of neurons is essential in a functional brain, e.g. for context and brain state dependent processing. In line with recent experimental and theoretical studies [1-5] we show that phase relations between synchronized oscillatory local circuits or brain areas may dynamically create information channels and induce changes in the effective connectivity. Reducing neuronal oscillatory dynamics to a phase-amplitude description [6,7], we show how alternative phase shifts between different neurons or groups of neurons result in different effective connectivities. In particular, to quantify the information flow, we analytically calculate the time delayed mutual information and transfer entropy between oscillators in a phase locked state. We further present a theoretical framework to predict phase lag patterns within and between groups of oscillators in hierarchical networks. Combining both results we derive the information flow between the oscillators as a function of structural and dynamical network parameters. We use our results to reveal how effective connectivity is controlled by the underlying physical connectivity and the intrinsic single oscillation frequencies. Interestingly, we find that local changes in the strength of a single link can remotely control the effective connectivity between two different physically unchanged oscillators. Similarly, local inputs modulating the intrinsic frequencies can dynamically and remotely change the information flow between distal nodes. We link our results to biophysically more realistic networks of spiking neurons. In a clustered network of groups of type I neurons exhibiting gamma oscillations emanating from a PING mechanism [8], we numerically show that local changes of the connectivity or the input strengths within a cluster can non-locally control the phase relations and the information flow between distant clusters.
- Conference Article
- 10.1109/pst.2014.6890945
- Jul 1, 2014
Many models, methods, techniques, and systems have been developed to preserve the integrity of data and guarantee an acceptable level of security over networks. Protection from illegitimate data access and control of information flow are two main goals. This paper presents new techniques that address two main issues: information protection at various levels of granularity and data flow control. We first investigate challenges and limits of established access control models regarding flow control. We then introduce a new flow control model based on granularity, the GBFC. GBFC is capable of guaranteeing flow control under reasonable assumptions. In addition, it offers advantages such as adaptability, full control, reliability and compatibility, amongst others. Essentially, in GBFC classified information at suitable levels of granularity is accessible through references and information flow control is applied on the references. We also introduce the concepts of views for information access and Noise Injection, which represent building blocks for Granularity Based Flow Control. With noise injection, a document can be transformed into different views to erase or replace protected information, and this transformation can be made almost undetectable to the unauthorized reader. Therefore, inference can be made much more difficult with this method. The GBFC model is intended to complement, rather than replace, existing access control methods.
- Research Article
60
- 10.1145/2491522.2491523
- Jul 1, 2013
- ACM Transactions on Programming Languages and Systems
Dedicated to the memory of John C. Reynolds (1935--2013). We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic.
- Conference Article
84
- 10.1109/sp.2011.12
- May 1, 2011
We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.
- Conference Article
3
- 10.1109/tase.2013.43
- Jul 1, 2013
This paper investigates the problem of preserving information flow security in Event-B specification models and during the process of refining an abstract specification to be more concrete. A typed Event-B model is presented to enforce information flow security. We then present an approach to the problem of preserving information flow properties under abstraction refinement. The novelty of the approach is that we formalise refinement transformation in terms of the mathematical concept of a Galois connection for the purpose of information-flow analysis and control. That is, the state invariant and state transition predicates of the models are used to generate the Galois connection. We show how the refinement transformation preserves the security properties during the development steps from the initial abstract-level specification to a concrete implementation.
- Research Article
3
- 10.1142/s1793351x15500014
- Mar 1, 2015
- International Journal of Semantic Computing
Information flow control on the Internet is a desirable feature when it comes to content such as neo-Nazi propaganda, child pornography, or material showing extreme violence or crimes. In order to provide for a flexible control of information flow on the Internet, we present the pattern system InFO (short for: Information Flow Ontology). InFO provides a common support for different enforcing systems such as routers, proxies, or name servers by abstracting from existing as well as possible future regulation types. Thus, unlike existing solutions, InFO provides information flow control on the Internet-layer, transport-layer, as well as application-layer. In addition, InFO allows for linking the technical implementation of a flow control policy with a human-readable representation including its legal background (law) and organizational motivation (code of conduct). Besides a detailed description of the pattern system, we also provide various examples demonstrating the practical applicability of InFO. InFO has been implemented for name servers, routers, as well as application-level proxy servers. Its source code is available to the public.
- Conference Article
11
- 10.1145/2897845.2897888
- May 30, 2016
In mobile platforms and their app markets, controlling app permissions and preventing abuse of private information are crucial challenges. Information Flow Control (IFC) is a powerful approach for formalizing and answering user concerns such as: Does this app send my geolocation to the Internet? Yet despite intensive research efforts, IFC has not been widely adopted in mainstream programming practice. We observe that the typical structure of Android apps offers an opportunity for a novel and effective application of IFC. In Android, an app consists of a collection of a few dozen components, each in charge of some high-level functionality. Most components do not require access to most resources. These components are a natural and effective granularity at which to apply IFC (as opposed to the typical process-level or language-level granularity). By assigning different permission labels to each component, and limiting information flow between components, it is possible to express and enforce IFC constraints. Yet nuances of the Android platform, such as its multitude of discretionary (and somewhat arcane) communication channels, raise challenges in defining and enforcing component boundaries. We build a system, DroidDisintegrator, which demonstrates the viability of component-level IFC for expressing and controlling app behavior. DroidDisintegrator uses dynamic analysis to generate IFC policies for Android apps, repackages apps to embed these policies, and enforces the policies at runtime. We evaluate DroidDisintegrator on dozens of apps.
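The extended DIFC model, WS-AIFC's per-object dependency lists and DroidDisintegrator's per-component permission labels all rest on the same mechanism: every data object carries the set of domains (or components) whose data flowed into it, a derived object inherits the union of its inputs' tags, only a tag's owner may remove it, and a read is allowed only if every owner in the dependency list permits that reader. The Python below is an added illustration of that mechanism and is not code from any of the papers listed on this page; the domain names, the policies and the composite-service workflow are constructed for the example.

```python
"""Decentralized information flow control (DIFC) with per-object dependency lists.

Added example, not code from any paper on this page. Domains, tags, policies
and the workflow in demo() are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Tag:
    """A secrecy tag owned by one domain; data carrying it is subject to that domain's policy."""
    owner: str
    name: str


@dataclass(frozen=True)
class DataObject:
    """A data object and its dependency list: every tag that flowed into it."""
    name: str
    tags: FrozenSet[Tag]


class DomainPolicies:
    """Each domain declares, for its own tags, which principals may read data carrying them."""

    def __init__(self) -> None:
        self._readers: Dict[Tag, Set[str]] = {}

    def declare(self, tag: Tag, readers: Set[str], by: str) -> None:
        # A domain may only set policy for tags it owns.
        if by != tag.owner:
            raise PermissionError(f"{by} cannot set policy for tag owned by {tag.owner}")
        self._readers[tag] = set(readers) | {tag.owner}

    def permits(self, tag: Tag, principal: str) -> bool:
        # With no declared policy only the owner itself may read.
        return principal in self._readers.get(tag, {tag.owner})


def derive(name: str, *inputs: DataObject) -> DataObject:
    """One service step: the output's label is the join (union) of its inputs' tags."""
    tags: FrozenSet[Tag] = frozenset().union(*(i.tags for i in inputs))
    return DataObject(name, tags)


def declassify(obj: DataObject, tag: Tag, by: str) -> DataObject:
    """Only the owner of a tag may remove it from an object's dependency list."""
    if by != tag.owner:
        raise PermissionError(f"{by} cannot declassify tag owned by {tag.owner}")
    return DataObject(obj.name, obj.tags - {tag})


def violations(policies: DomainPolicies, obj: DataObject, principal: str) -> List[Tag]:
    """Consult every domain in the dependency list; return the tags that forbid the read."""
    return sorted((t for t in obj.tags if not policies.permits(t, principal)),
                  key=lambda t: (t.owner, t.name))


def demo() -> Dict[str, List[str]]:
    """Constructed composite-service workflow; returns the violating tags per reader."""
    policies = DomainPolicies()
    geo = Tag("maps.example", "geolocation")
    acct = Tag("bank.example", "account")
    policies.declare(geo, {"routing.example"}, by="maps.example")
    policies.declare(acct, {"routing.example", "audit.example"}, by="bank.example")

    location = DataObject("location", frozenset({geo}))
    account = DataObject("account", frozenset({acct}))
    route = derive("route", location, account)   # routing.example combines both inputs
    report = derive("report", route)             # a later step inherits the whole list

    out: Dict[str, List[str]] = {}
    for reader in ("routing.example", "audit.example", "ads.example"):
        out[reader] = [f"{t.owner}:{t.name}" for t in violations(policies, report, reader)]

    # maps.example releases its tag; the indirect flow to audit.example is now allowed.
    released = declassify(report, geo, by="maps.example")
    out["audit.example after declassify"] = [
        f"{t.owner}:{t.name}" for t in violations(policies, released, "audit.example")
    ]
    return out


if __name__ == "__main__":
    for reader, bad in demo().items():
        print(f"{reader}: {'ok' if not bad else 'blocked by ' + ', '.join(bad)}")
```

The important behaviour is that `report` never talked to `maps.example` or `bank.example` directly, yet a read by `ads.example` is still refused by both domains because their tags travelled along the dependency list; a coarse per-process or per-service label would have lost that provenance at the first join.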
- Conference Article
12
- 10.5555/3101290.3101295
- Jun 9, 2017
Information Flow Control at Operating System (OS) level features interesting properties and has been an active topic of research for years. However, no implementation can work reliably if there does not exist a way to correctly and precisely track all information flows occurring in the system. The existing implementations for Linux are based on the Linux Security Modules (LSM) framework, which implements hooks at specific points in code where any security mechanism may interpose a security decision in the execution. However, previous works on the verification of LSM only addressed access control, and no work has raised the question of the reliability of information flow control systems built on LSM. In this work, we present a compiler-assisted and reproducible static analysis on the Linux kernel to verify that the LSM hooks are correctly placed with respect to operations generating information flows, so that LSM-based information flow monitors can properly track all information flows. Our results highlight flaws in LSM that we propose to solve, thus improving the suitability of this framework for the implementation of information flow monitors.
- Research Article
2
- 10.1016/j.cose.2018.07.005
- Jul 29, 2018
- Computers & Security
CDroid: practically implementation a formal-analyzed CIFC model on Android
- Abstract
- 10.1016/j.npbr.2018.01.071
- Mar 26, 2018
- Neurology, Psychiatry and Brain Research
Mechanisms of neuroprogression and interventions to predict and arrest it