The Anatomy and Facets of Dynamic Policies
Niklas Broberg, Bart van Delft, David Sands
TL;DR
This paper synthesizes existing knowledge on dynamic information flow policies, introducing facets to clarify semantics, examining policy anatomy, and exploring the relation to declassification to improve reasoning frameworks.
Contribution
It introduces the concept of facets for better understanding of dynamic policies and analyzes the anatomy and expressiveness of policy specification mechanisms.
Findings
Facets illuminate subtleties in policy semantics.
Analysis of policy anatomy enhances understanding.
Exploration of declassification links to dynamic policies.
Abstract
Information flow policies are often dynamic; the security concerns of a program will typically change during execution to reflect security-relevant events. A key challenge is how to best specify, and give proper meaning to, such dynamic policies. A large number of approaches exist that tackle that challenge, each yielding some important, but unconnected, insight. In this work we synthesise existing knowledge on dynamic policies, with an aim to establish a common terminology, best practices, and frameworks for reasoning about them. We introduce the concept of facets to illuminate subtleties in the semantics of policies, and closely examine the anatomy of policies and the expressiveness of policy specification mechanisms. We further explore the relation between dynamic policies and the concept of declassification.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection