TY - GEN
T1 - An Information Flow Security Logic for Permission-Based Declassification Strategy
AU - Dong, Zhenheng
AU - Zhao, Yongxin
AU - Wang, Qiang
N1 - Publisher Copyright:
© 2022 Knowledge Systems Institute Graduate School. All rights reserved.
PY - 2022
Y1 - 2022
N2 - With the increasing popularity of smartphones and the rapid development of mobile network, ensuring the security of mobile applications becomes more and more important, which has received substantial attention from both academia and industry. Information flow security, as a prominent approach to system and network security, aims at ensuring high security level information would not be accessed by analyzing the information with lower security levels. In this paper, we design a novel information flow security logic to reason about the security of mobile applications, leveraging on the idea of permission based declassification. Firstly, we propose a formal language with permission check branches, through which the access to the confidential information can be controlled. Then we present our novel information flow security logic based on the permission based declassification strategy, which can make the reasoning more precise by degrading the security level of the specific information. Finally, we demonstrate the usability of our logic via examples.
AB - With the increasing popularity of smartphones and the rapid development of mobile network, ensuring the security of mobile applications becomes more and more important, which has received substantial attention from both academia and industry. Information flow security, as a prominent approach to system and network security, aims at ensuring high security level information would not be accessed by analyzing the information with lower security levels. In this paper, we design a novel information flow security logic to reason about the security of mobile applications, leveraging on the idea of permission based declassification. Firstly, we propose a formal language with permission check branches, through which the access to the confidential information can be controlled. Then we present our novel information flow security logic based on the permission based declassification strategy, which can make the reasoning more precise by degrading the security level of the specific information. Finally, we demonstrate the usability of our logic via examples.
KW - Formal Language and Logic
KW - Information Flow Security
KW - Mobile Applications
KW - Permission-Based Declassification
UR - https://www.scopus.com/pages/publications/85137166369
U2 - 10.18293/SEKE2022-134
DO - 10.18293/SEKE2022-134
M3 - 会议稿件
AN - SCOPUS:85137166369
T3 - Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
SP - 519
EP - 524
BT - SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering
PB - Knowledge Systems Institute Graduate School
T2 - 34th International Conference on Software Engineering and Knowledge Engineering, SEKE 2022
Y2 - 1 July 2022 through 10 July 2022
ER -