A Noninterference Model for Mobile OS Information Flow Control and Its Policy Verification
Security and Communication Networks Pub Date : 2021-08-25 , DOI: 10.1155/2021/2481818
Zhanhui Yuan¹, Wenfa Li², Zhi Yang¹, Lei Sun¹, Xuehui Du¹, Hongqi Zhang¹

Mobile operating systems such as Android face serious security risks. First, they have a large number of users and store a large amount of those users' private data, which has made them major targets of network attacks; second, their openness leads to high security risks; third, their coarse-grained static permission control mechanism leads to a large number of privacy leaks. Recent decentralized information flow control (DIFC) operating systems such as Asbestos, HiStar, and Flume dynamically adjust the label of each process. Asbestos contains inherent covert channels because of this implicit label adjustment. The others close these covert channels through the use of explicit label change, but this impedes communication and increases performance overhead. We present an enhanced implicit label change model (EILCM) for mobile operating systems that closes the known covert channel in models with implicit label change and supports dynamic constraints on tags for separation of duty. We also formally analyze why EILCM closes the known covert channels and prove, using the model checker FDR, that abstract EILCM systems have the security property of noninterference with declassification. We further prove that the EILCM policy verification problem is NP-complete and propose a backtrack-based search algorithm to solve it. Experiments are presented to show that the algorithm is effective.

Updated: 2021-08-25