There is something seductive about information flow as a security policy. You can state a very clear and concise policy (for example, "forbid my GPS location information from flowing to the network"), which seems to more closely capture our intuition for right and wrong than the sorts of policies that smartphone operating systems like iOS and Android seek to enforce today (more like "give this app your GPS location, yes or no, and you have no say over how it's used"). Information flow research dates back to the early 1970s. Although much of the original computer science theory and systems were developed around modeling the military's rules for handling classified, secret, and top-secret data, information flow policies and techniques are perfectly valuable today and we can benefit from this earlier work.
An excellent foundational reference is Dorothy and Peter Denning's landmark 1977 paper, "Certifying Programs for Secure Information Flow," which pursued a static analysis strategy and appeared in Communications.a At the same time, others were pursuing hardware or runtime-based solutions. A lot of the complexity then, as now, comes when the control flow of the program depends on sensitive values (for example, "if my GPS location is in Washington D.C., then behave differently"), never mind unusual control flows (for example, interrupt handlers, exceptions, indirect branches) and ambiguous data references (pointer dereferencing, array indexing). Tracking all of this in hardware requires extra computation and state, while analyzing it statically can induce false alarms over execution paths that might never happen at runtime.
No entries found