Towards a General-Purpose Dynamic Information Flow Policy

TL;DR

This paper introduces Dynamic Release, a flexible and formalized dynamic information flow policy that generalizes existing policies and adapts to changing security requirements during program execution.

Contribution

It presents a novel framework for dynamic policies, formalizes Dynamic Release, and demonstrates its applicability and correctness across various scenarios.

Findings

Dynamic Release generalizes declassification, erasure, delegation, and revocation.

It is the only dynamic policy applicable and correct on a comprehensive benchmark.

The framework enables comparison of different dynamic policies in the literature.

Abstract

Noninterference offers a rigorous end-to-end guarantee for secure propagation of information. However, real-world systems almost always involve security requirements that change during program execution, making noninterference inapplicable. Prior works alleviate the limitation to some extent, but even for a veteran in information flow security, understanding the subtleties in the syntax and semantics of each policy is challenging, largely due to very different policy specification languages, and more fundamentally, semantic requirements of each policy. We take a top-down approach and present a novel information flow policy, called Dynamic Release, which allows information flow restrictions to downgrade and upgrade in arbitrary ways. Dynamic Release is formalized on a novel framework that, for the first time, allows us to compare and contrast various dynamic policies in the literature. We show that Dynamic Release generalizes declassification, erasure, delegation and revocation. Moreover, it is the only dynamic policy that is both applicable and correct on a benchmark of tests with dynamic policy.