
Unifying Facets of Information Integrity

Conference paper, Information Systems Security (ICISS 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6503)

Abstract

Information integrity is a vital security property in a variety of applications. However, there is more than one facet to integrity: interpretations of integrity in different contexts include integrity via information flow, where the key is that trusted output is independent from untrusted input, and integrity via invariance, where the key is preservation of an invariant. Furthermore, integrity via invariance is itself multi-faceted. For example, the literature features formalizations of invariance as predicate preservation (predicate invariance), which is not directly compatible with invariance of memory values (value invariance). This paper offers a unified framework for integrity policies that include all of the facets above. Despite the different nature of these facets, we show that a straightforward enforcement mechanism adapted from the literature is readily available for enforcing all of the integrity facets at once.
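To make the three facets concrete, here is an added Python example (constructed for this page; it is not the paper's formalism or its enforcement mechanism): a run-time monitor over one execution of a tiny assignment language that checks flow integrity by label propagation, predicate invariance by evaluating a predicate on every intermediate state, and value invariance by comparing chosen locations before and after. The program, memory, trust assignment and predicate are assumed sample values.

```python
from typing import Callable, Dict, List, Set, Tuple

# Toy language (constructed): a step is dst := fn(*srcs) over an integer memory; assignments only, so no implicit flows.
Step = Tuple[str, Callable[..., int], List[str]]
Memory = Dict[str, int]

def run(prog: List[Step], mem: Memory, untrusted: Set[str]):
    """Execute prog, recording every state and propagating integrity labels:
    a variable becomes untrusted when written from any untrusted operand and
    trusted again when overwritten from trusted operands only."""
    mem, tainted, trace = dict(mem), set(untrusted), [dict(mem)]
    for dst, fn, srcs in prog:
        mem[dst] = fn(*(mem[s] for s in srcs))
        if any(s in tainted for s in srcs):
            tainted.add(dst)
        else:
            tainted.discard(dst)
        trace.append(dict(mem))
    return mem, tainted, trace

def flow_integrity(prog, mem, untrusted, trusted_outputs) -> bool:
    """Integrity via information flow: no trusted output may depend on
    untrusted input, i.e. no untrusted label reaches a trusted output."""
    _, tainted, _ = run(prog, mem, untrusted)
    return not (tainted & set(trusted_outputs))

def predicate_invariance(prog, mem, pred) -> bool:
    """Integrity via invariance, predicate form: if pred holds initially,
    it holds in every state the execution passes through."""
    _, _, trace = run(prog, mem, set())
    return (not pred(trace[0])) or all(pred(m) for m in trace)

def value_invariance(prog, mem, locs) -> bool:
    """Integrity via invariance, value form: the listed locations hold the
    same value after the execution as before it."""
    final, _, _ = run(prog, mem, set())
    return all(final[loc] == mem[loc] for loc in locs)

# Constructed sample: an account update where `amount` arrives from an
# untrusted source and `balance` is the trusted output.
MEM: Memory = {"balance": 30, "amount": 20, "fee": 50, "limit": 100}
DEPOSIT: List[Step] = [("balance", lambda b, a: b + a, ["balance", "amount"])]
CHARGE: List[Step] = [("balance", lambda b, f: b - f, ["balance", "fee"])]
NON_NEGATIVE = lambda m: m["balance"] >= 0

if __name__ == "__main__":
    # DEPOSIT preserves the invariant and `limit` yet lets untrusted data
    # reach balance; CHARGE has no untrusted flow yet breaks the invariant.
    print(flow_integrity(DEPOSIT, MEM, {"amount"}, ["balance"]))  # False
    print(predicate_invariance(DEPOSIT, MEM, NON_NEGATIVE))        # True
    print(predicate_invariance(CHARGE, MEM, NON_NEGATIVE))         # False
```

The two sample programs show that the facets are independent: one satisfies both invariance checks while violating flow integrity, the other the reverse.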



© 2010 Springer-Verlag Berlin Heidelberg


Cite this paper

Birgisson, A., Russo, A., Sabelfeld, A. (2010). Unifying Facets of Information Integrity. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_5


  • DOI: https://doi.org/10.1007/978-3-642-17714-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17713-2

  • Online ISBN: 978-3-642-17714-9
