RIF: Reactive information flow labels
Kozyri, Elisavet; Schneider, Fred B.
Journal of computer security, 01/2020, Volume 28, Issue 2
Journal Article
Peer reviewed
Open access
Restrictions that a reactive information flow (RIF) label imposes on a value are determined by the sequence of operations used to derive that value. This allows declassification, endorsement, and other forms of reclassification to be supported in a uniform way. Piecewise noninterference (PWNI) is introduced as a fitting security policy, because noninterference is not suitable. A type system is given for static enforcement of PWNI in programs that associate checkable classes of RIF labels with variables. Two checkable classes of RIF labels are described: RIF automata are general-purpose and based on finite-state automata; κ-labels concern confidentiality in programs that use cryptographic operations.
Doctrine for Cybersecurity
Mulligan, Deirdre K.; Schneider, Fred B.
Daedalus (Cambridge, Mass.), 09/2011, Volume 140, Issue 4
Journal Article
Peer reviewed
Open access
A succession of doctrines for enhancing cybersecurity has been advocated in the past, including prevention, risk management, and deterrence through accountability. None has proved effective. Proposals that are now being made view cybersecurity as a public good and adopt mechanisms inspired by those used for public health. This essay discusses the failings of previous doctrines and surveys the landscape of cybersecurity through the lens that a new doctrine, public cybersecurity, provides.
Theft of secrets is nothing new. Nor is it new to publicize stolen secrets with hopes
of influencing (or instigating) leadership changes in government. So the theft of
confidential information being stored by the Democratic National Committee (DNC) is
part of a long tradition, albeit perpetrated in a new venue: cyberspace.
Quantifying information flow with beliefs
Clarkson, Michael R.; Myers, Andrew C.; Schneider, Fred B.
Journal of computer security, 01/2009, Volume 17, Issue 5
Journal Article
Peer reviewed
Open access
To reason about information flow, a new model is developed that describes how attacker beliefs change due to the attacker's observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of interactions. The model also supports a new metric for quantitative information flow that measures accuracy of an attacker's beliefs. Applying this new metric reveals inadequacies of traditional information flow metrics, which are based on reduction of uncertainty. However, the new metric is sufficiently general that it can be instantiated to measure either accuracy or uncertainty. The new metric can also be used to reason about misinformation; deterministic programs are shown to be incapable of producing misinformation. Additionally, programs in which nondeterministic choices are made by insiders, who collude with attackers, can be analyzed.
The omni-kernel architecture is designed around pervasive monitoring and scheduling. Motivated by new requirements in virtualized environments, this architecture ensures that all resource consumption is measured, that resource consumption resulting from a scheduling decision is attributable to an activity, and that scheduling decisions are fine-grained. Vortex, implemented for multi-core x86-64 platforms, instantiates the omni-kernel architecture, providing a wide range of operating system functionality and abstractions. With Vortex, we experimentally demonstrated the efficacy of the omni-kernel architecture to provide accurate scheduler control over resource allocation despite competing workloads. Experiments involving Apache, MySQL, and Hadoop quantify the cost of pervasive monitoring and scheduling in Vortex to be below 6 percent of CPU consumption.