DOI: 10.1145/2000229.2000241
Research article

Automating information flow control in component-based distributed systems

Published: 20 June 2011

Abstract

Automating the construction of secure distributed systems is becoming a necessity: developing security code requires deep expertise, and verifying that the developed code respects the specified policy is a tedious task. In this paper, we define a toolkit called CIF (Component Information Flow) that automates the development of secure distributed systems. The developer specifies the security properties in a policy configuration file. Once this configuration is validated, that is, once no security leak is detected, the security code for the system is generated. A performance evaluation of an implemented use case shows the effectiveness of the approach.


Published In

CBSE '11: Proceedings of the 14th international ACM Sigsoft symposium on Component based software engineering
June 2011
214 pages
ISBN:9781450307239
DOI:10.1145/2000229
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. component-based distributed system
  2. information flow control
  3. secure system configuration and deployment

Qualifiers

  • Research-article

Conference

Comparch '11

Acceptance Rates

Overall Acceptance Rate 55 of 147 submissions, 37%

Article Metrics

  • Downloads (last 12 months): 4
  • Downloads (last 6 weeks): 0
Reflects downloads up to 16 Feb 2025

Cited By

  • (2022) Detecting violations of access control and information flow policies in data flow diagrams. Journal of Systems and Software, 184:C. doi:10.1016/j.jss.2021.111138. Online publication date: 1-Feb-2022.
  • (2020) Information Flow-Based Security Construction for Compositional Interface Automata. Trusted Computing and Information Security, pages 31-43. doi:10.1007/978-981-15-3418-8_3. Online publication date: 20-Feb-2020.
  • (2019) Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis. 2019 IEEE International Conference on Software Architecture (ICSA), pages 191-200. doi:10.1109/ICSA.2019.00028. Online publication date: Mar-2019.
  • (2019) Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures. 2019 IEEE International Conference on Software Architecture (ICSA), pages 61-70. doi:10.1109/ICSA.2019.00015. Online publication date: Mar-2019.
  • (2019) E2SM: a security tool for adaptive cloud-based service-oriented applications. IET Software, 13(1):3-13. doi:10.1049/iet-sen.2018.5016. Online publication date: Feb-2019.
  • (2018) An End-to-End Security Model for Adaptive Service-Oriented Applications. Service-Oriented Computing – ICSOC 2017 Workshops, pages 43-54. doi:10.1007/978-3-319-91764-1_4. Online publication date: 16-Jun-2018.
  • (2017) Enforcing Generalized Refinement-Based Noninterference for Secure Interface Composition. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), pages 586-595. doi:10.1109/COMPSAC.2017.118. Online publication date: Jul-2017.
  • (2016) A Model-Based Approach to Secure Multiparty Distributed Systems. Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques, pages 893-908. doi:10.1007/978-3-319-47166-2_62. Online publication date: 5-Oct-2016.
  • (2015) A Robust Framework for Securing Composed Web Services. Revised Selected Papers of the 12th International Conference on Formal Aspects of Component Software - Volume 9539, pages 105-122. doi:10.1007/978-3-319-28934-2_6. Online publication date: 14-Oct-2015.
  • (2015) Applying RoBuSt Method for Robustness Testing of the Non-interference Property. Computer and Information Science 2015, pages 171-188. doi:10.1007/978-3-319-23467-0_12. Online publication date: 17-Oct-2015.
