DocumentCode
2777319
Title
Enforcing Dynamic Interference Policy
Author
Prost, Frédéric
Author_Institution
LIG, Univ. de Grenoble, Grenoble, France
fYear
2011
fDate
9-11 Oct. 2011
Firstpage
1111
Lastpage
1118
Abstract
Noninterference is the mathematical basis for confidentiality analyses. The idea is to ensure that private data will not be observable at a public level. Understood strictly, noninterference is too strong a property: standard everyday examples such as password checks or message encryption formally break it. In this paper we propose a framework in which it is possible to define an interference policy that allows safe data declassification to be specified. Moreover, this policy is dynamic, i.e. the confidentiality level of data may evolve during computation: think of policies in which you want to express that a user has a limited number of guesses, or of the sending of pay-per-view information. We develop a notion of program safety with respect to a dynamic interference policy and give an algorithm (in the form of an abstract evaluation of the program) to check that a program is safe with respect to a dynamic interference policy.
Keywords
authorisation; data privacy; pattern classification; data confidentiality level; dynamic interference policy; mathematical basis; message encryption; noninterference property; pay-per-view information; private data; program safety; public level; safe data declassification; Cryptography; Electronics packaging; Heuristic algorithms; Interference; Privacy; Semantics; Noninterference; Privacy;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location
Boston, MA
Print_ISBN
978-1-4577-1931-8
Type
conf
DOI
10.1109/PASSAT/SocialCom.2011.17
Filename
6113266