Information Flow Control with Minimal Tag Disclosure

Proceedings of the International Conference on Internet of things and Cloud Computing Pub Date : 2016-03-22 DOI:10.1145/2896387.2896402

Hajoon Ko, Jatinder Singh, Thomas Pasquier, Changyu Dong, D. Eyers, J. Bacon

{"title":"Information Flow Control with Minimal Tag Disclosure","authors":"Hajoon Ko, Jatinder Singh, Thomas Pasquier, Changyu Dong, D. Eyers, J. Bacon","doi":"10.1145/2896387.2896402","DOIUrl":null,"url":null,"abstract":"Information Flow Control (IFC) extends conventional access control beyond application boundaries, and allows control of data flows after a point of authorised data disclosure. In a deployment of IFC within a cloud operating system (OS), the IFC implementation can be trusted by applications running over the same OS instance. In an IFC deployment within a widely distributed system, such as in the Internet of Things, the potential for trustworthy enforcement of IFC must be ascertained during connection establishment. IFC is based on tagging data in line with data management requirements. When audit is included as part of IFC, it can be shown that a system complies with these requirements. In this paper, we consider the possibility that some tags may be sensitive and discuss the use of Private Set Intersection (PSI) to prevent unnecessary disclosure of IFC tags during the establishment of communication channels. The proposed approach guarantees that on authorised flows, only the tags necessary for that interaction are disclosed and that no tags are disclosed for prevented flows. This functionality is particularly important in contexts such as healthcare, where privacy and confidentiality are paramount.","PeriodicalId":342210,"journal":{"name":"Proceedings of the International Conference on Internet of things and Cloud Computing","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the International Conference on Internet of things and Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2896387.2896402","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Information Flow Control (IFC) extends conventional access control beyond application boundaries, and allows control of data flows after a point of authorised data disclosure. In a deployment of IFC within a cloud operating system (OS), the IFC implementation can be trusted by applications running over the same OS instance. In an IFC deployment within a widely distributed system, such as in the Internet of Things, the potential for trustworthy enforcement of IFC must be ascertained during connection establishment. IFC is based on tagging data in line with data management requirements. When audit is included as part of IFC, it can be shown that a system complies with these requirements. In this paper, we consider the possibility that some tags may be sensitive and discuss the use of Private Set Intersection (PSI) to prevent unnecessary disclosure of IFC tags during the establishment of communication channels. The proposed approach guarantees that on authorised flows, only the tags necessary for that interaction are disclosed and that no tags are disclosed for prevented flows. This functionality is particularly important in contexts such as healthcare, where privacy and confidentiality are paramount.

查看原文本刊更多论文

最小标签披露的信息流控制

信息流控制(IFC)将传统的访问控制扩展到应用程序边界之外，并允许在授权的数据披露点之后控制数据流。在云操作系统(OS)中的IFC部署中，IFC实现可以被运行在同一操作系统实例上的应用程序所信任。在广泛分布的系统(例如物联网)中部署IFC时，必须在连接建立期间确定IFC可信执行的潜力。IFC的基础是根据数据管理要求标记数据。当审计作为IFC的一部分被包括在内时，它可以显示系统符合这些要求。在本文中，我们考虑到某些标签可能是敏感的，并讨论了使用私有集交集(PSI)来防止在通信通道建立过程中不必要的IFC标签泄露。所建议的方法保证在已授权的流上，只公开交互所需的标签，而不公开被阻止的流的标签。此功能在隐私和机密性至关重要的医疗保健等环境中尤为重要。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the International Conference on Internet of things and Cloud Computing

自引率

0.00%

发文量