Abstract: A robust declassification policy prevents attackers from injecting attack code into a program to obtain sensitive information beyond the scope that is permitted to be released. However, the policy lacks a quantitative analysis of the sensitive information released in excess of that scope, and is therefore too restrictive. To address this, a formal model of programs was built on transition systems; a robustness rate of declassification was defined on the information lattice to measure the robustness of declassification in a program; a quantitative analysis method for the robustness of declassification was proposed based on equivalence classes; and automated quantitative analysis of the robustness of declassification was implemented with bounded model checking. Practice shows that the method relaxes the robustness of declassification from a quantitative perspective and achieves flexible control of the robustness of declassification.
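Basic information:
DOI:
CLC number: TP309
Citation:
[1] Jin Li, Zhu Hao. Model checking of the robustness of information declassification[J], 2015, 14(02): 1-6.
Funding:
Jiangsu Province Postdoctoral Research Funding Program (1401022C); Nantong University Doctoral Research Start-up Fund (14B22)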