
A Semantic Hierarchy for Erasure Policies

Conference paper
Information Systems Security (ICISS 2011)
Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7093)


Abstract

We consider the problem of logical data erasure, contrasting with physical erasure in the same way that end-to-end information flow control contrasts with access control. We present a semantic hierarchy for erasure policies, using a possibilistic knowledge-based semantics to define policy satisfaction such that there is an intuitively clear upper bound on what information an erasure policy permits to be retained. Our hierarchy allows a rich class of erasure policies to be expressed, taking account of the power of the attacker, how much information may be retained, and under what conditions it may be retained. While our main aim is to specify erasure policies, the semantic framework allows quite general information-flow policies to be formulated for a variety of semantic notions of secrecy.
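As an added illustration of the abstract's knowledge-based view of erasure, the Python sketch below is not code from the paper or its authors and does not reproduce their formal definitions. It assumes a finite secret space, models a program as a function from the secret to the set of traces it may produce (so nondeterminism is several traces), models an attacker as a projection of a trace onto what that attacker can observe, and models a policy as a function `retain` whose value on the secret is the most the attacker may learn about it. All of those modelling choices, and the sample programs, are assumptions made here.

```python
# Added illustration: a possibilistic, knowledge-based check of erasure policies.
# Toy model written for this page, not the formal definitions of Del Tedesco,
# Hunt and Sands.  Assumptions: the secret ranges over a finite set; a program
# maps the secret to the SET of traces it may produce; an attacker is a
# projection of a trace to what that attacker observes; a policy is a function
# `retain` whose value on the secret is the most the attacker may learn.

SECRETS = range(8)  # constructed: the secret is a 3-bit value

def knowledge(secrets, runs, observe, obs):
    """Possibilistic knowledge: every secret for which SOME run produces `obs`."""
    return frozenset(s for s in secrets if any(observe(t) == obs for t in runs(s)))

def satisfies(secrets, runs, observe, retain):
    """Policy 'retain at most retain(s)'.  For every secret s and every run on s,
    the attacker's knowledge set must still contain every secret that `retain`
    maps to the same value as s; otherwise the attacker has told apart two
    secrets the policy says must remain indistinguishable."""
    for s in secrets:
        allowed = frozenset(x for x in secrets if retain(x) == retain(s))
        for t in runs(s):
            k = knowledge(secrets, runs, observe, observe(t))
            if not allowed <= k:
                return False
    return True

def retained(secrets, runs, observe):
    """What the attacker can actually learn: the family of knowledge sets some
    run can leave the attacker with.  A finer family means more is retained."""
    return frozenset(knowledge(secrets, runs, observe, observe(t))
                     for s in secrets for t in runs(s))

# Constructed sample programs.  A trace lists ('pre', v) outputs made before
# the erasure point and ('post', v) outputs made after it.
def erase_then_zero(s):
    return {(('pre', s), ('post', 0))}          # secret echoed, then forgotten

def erase_keep_parity(s):
    return {(('pre', s), ('post', s % 2))}      # one bit survives erasure

def erase_maybe_leak(s):
    return {(('pre', s), ('post', 0)),          # nondeterministic: sometimes the
            (('pre', s), ('post', s))}          # secret survives erasure intact

# Attackers of different power.
def post_only(trace):
    """Sees only what the program emits after the erasure point."""
    return tuple(e for e in trace if e[0] == 'post')

def everything(trace):
    """Sees the whole trace, including pre-erasure output."""
    return trace

# Policies: an upper bound on what may be retained about the secret.
def total(s): return None      # nothing about s may be retained
def parity(s): return s % 2    # at most the low bit may be retained
def anything(s): return s      # no restriction (the trivial policy)

if __name__ == "__main__":
    for name, prog in [("erase_then_zero", erase_then_zero),
                       ("erase_keep_parity", erase_keep_parity),
                       ("erase_maybe_leak", erase_maybe_leak)]:
        for att_name, att in [("post_only", post_only), ("everything", everything)]:
            for pol_name, pol in [("total", total), ("parity", parity)]:
                print(f"{name:18} attacker={att_name:10} policy={pol_name:6} "
                      f"-> {satisfies(SECRETS, prog, att, pol)}")
        print("  knowledge sets reachable by post_only:",
              sorted(sorted(k) for k in retained(SECRETS, prog, post_only)))
```

The attacker's power enters only through the projection: `erase_then_zero` satisfies total erasure against an attacker who sees post-erasure output, but not against one who also saw the pre-erasure echo. The possibilistic reading shows up in `erase_maybe_leak`: the run that emits 0 leaves the attacker knowing nothing, yet the policy fails because some run exists in which the attacker pins the secret down. `retained` makes the "upper bound" concrete: `erase_keep_parity` leaves an attacker with exactly the two parity classes, which is why it passes the `parity` policy and fails `total`.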




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Del Tedesco, F., Hunt, S., Sands, D. (2011). A Semantic Hierarchy for Erasure Policies. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_24


  • DOI: https://doi.org/10.1007/978-3-642-25560-1_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25559-5

  • Online ISBN: 978-3-642-25560-1

  • eBook Packages: Computer Science (R0)
