Confidentiality enforcement by hybrid control of information flows

TL;DR

This paper introduces a hybrid framework for enforcing confidentiality in information sharing, combining static analysis and dynamic monitoring to control information flows from multiple data sources to cooperation partners.

Contribution

It presents a novel unified approach that integrates static declassification with dynamic flow tracking for confidentiality enforcement in program-based data processing.

Findings

Framework effectively enforces confidentiality policies.

Hybrid control combines static and dynamic techniques.

Implemented in a Java environment for practical use.

Abstract

An information owner, possessing diverse data sources, might want to offer information services based on these sources to cooperation partners and to this end interact with these partners by receiving and sending messages, which the owner on his part generates by program execution. Independently from data representation or its physical storage, information release to a partner might be restricted by the owner's confidentiality policy on an integrated, unified view of the sources. Such a policy should even be enforced if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from message data, also employing background knowledge. For this problem of inference control, we present a framework for a unified, holistic control of information flow induced by program-based processing of the data sources to messages sent to a cooperation partner. Our framework expands on and combines established concepts for confidentiality enforcement and its verification and is instantiated in a Java environment. More specifically, as a hybrid control we combine gradual release of information via declassification, enforced by static program analysis using a security type system, with a dynamic monitoring approach. The dynamic monitoring employs flow tracking for generalizing values to be declassified under confidentiality policy compliance.