Flexible Information-Flow Control
Monday, July 10, 2017, 11:00 am-12:00 pm
Abstract

Due to the pervasiveness of untrusted code handling sensitive
information, information leaks in programs pose a high risk of unwanted
data disclosure. While information-flow control techniques provide
strong guarantees, they are not widely used in practice. Conversely, more
light-weight techniques such as taint tracking lack formal guarantees
and analysis.

To address this, we investigate more permissive techniques with weaker
guarantees: Taint tracking is widely used, but hard to capture formally.
We present a formal security definition of the security property it
enforces and explore a new enforcement method based on the faceted
values technique. Additionally, we establish a connection between the
security notions of opacity and noninterference. To make fully-fledged
information-flow control easier to use, we present an approach to
secure database-backed applications using homogeneous meta-programming
to secure applications combining server-side code, client-side code, and
database interactions.

This talk is organized by Shiyi Wei