Hybrid approaches for enforcing security policies.

执行安全策略的混合方法。

• 批准号: RGPIN-2015-04461
• 负责人: Tawbi, Nadia
• 金额: $ 1.31万
• 依托单位: Université Laval
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=676887
• 关键词: Hybrid; approaches; enforcing; security; policies.

In our highly connected and highly computerized world, security issues are of major importance. ***Trusted systems need to communicate with untrustworthy parties exposing the users to a risk of information leakage or data corruption. It is urgent to find effective solutions to protect users. Despite major research efforts that have been devised, there still are many challenging problems to be explored.***My broad research aim is to contribute to the design of provably sound techniques, methods and enforcement mechanisms that enforce security policies at the level of applications. ***Mechanisms such as access control, encryption, firewalls, digital signatures, and antivirus scanning are either too restrictive, causing loss of flexibility, or unable to protect from newly introduced threats or malicious attacks. One of the underlying reasons is that they do not address the fundamental problem, which is tracking information flow in a fine-grained application-specific way. To do this one needs to analyze the code of an application; this research trend is known as "language-based security". In this research program, I will address information flow enforcement mechanisms that prevent information from flowing from a higher security level to a lower one or in a dual way to prevent lower security level data from corrupting higher ones. The main idea is to inspect the code of an application and control its execution in order to apply the policy. ***I will adopt the following objectives and methodological lines. ******1. Introducing the least overhead possible while reducing false positives. A hybrid approach combining static and dynamic analysis in an effective way is to be adopted. ***2. Dealing with declassification. Declassification means an intentional leak from higher security levels to lower ones. ***Information flow policy is very restrictive; real-world applications release information as part of their intended function. For instance, login procedures, communication of encrypted data, or voting systems do not comply with information-flow policy. Release of some information must be allowed but controlled to prevent non-intended leaks. ******3. Designing mechanisms that target more expressive languages such as concurrent languages. More challenging issues may appear such as timing channels, which cause leaks due to attackers' capacity to observe time. Extensive data-flow analysis and semantic models suitable to concurrency will be adopted. ***4. Quantifying the amount of leakage in a probabilistic framework. The aim is to relax non-interference and tolerate some quantified leaks. ***5. Leveraging all these techniques to a real world language. *********The results will provide practical and theoretical foundations for the development of effective and robust mechanisms to preserve the confidentiality and the integrity of their data. *** **

在我们这个高度互联和高度计算机化的世界中，安全问题至关重要。 * 可信系统需要与不可信方通信，使用户面临信息泄露或数据损坏的风险。迫切需要找到有效的解决方案来保护用户。尽管已经做出了重大的研究努力，但仍有许多具有挑战性的问题有待探索。我广泛的研究目标是有助于设计可证明的合理技术，方法和执行机制，在应用程序级别执行安全策略。* 访问控制、加密、防火墙、数字签名和防病毒扫描等机制要么限制性太强，导致灵活性丧失，要么无法抵御新引入的威胁或恶意攻击。其中一个根本原因是它们没有解决根本问题，即以细粒度的特定于应用程序的方式跟踪信息流。要做到这一点，需要分析应用程序的代码;这种研究趋势被称为“基于语言的安全性”。在这项研究计划中，我将解决信息流执行机制，防止信息从较高的安全级别流向较低的安全级别，或者以双重方式防止较低安全级别的数据损坏较高的安全级别。其主要思想是检查应用程序的代码并控制其执行以应用策略。* 我将采用以下目标和方法。*1.引入尽可能少的开销，同时减少误报。 将采用一种有效的静态和动态分析相结合的混合方法。***2。处理解密。解密意味着从更高的安全级别到更低的安全级别的故意泄漏。*** 信息流政策非常严格;实际应用程序发布信息是其预期功能的一部分。例如，登录程序、加密数据通信或投票系统不符合信息流动政策。必须允许发布某些信息，但要加以控制，以防止非预期的泄露。3.设计面向更具表达力的语言（如并发语言）的机制。可能会出现更具挑战性的问题，例如时间通道，由于攻击者观察时间的能力，这会导致泄漏。将采用广泛的数据流分析和适用于并发的语义模型。*4。在概率框架内量化泄漏量。其目的是放松不干涉和容忍一些量化的泄漏。*5。将所有这些技术应用于真实的世界语言。* 研究结果将为制定有效和强有力的机制以保护其数据的机密性和完整性提供实践和理论基础。*** **