..............................
..............................
..............................
Language Based Information Routing Security: Policy Enforcement
Languages-based security promises to be a powerful tool with which provably secure routing applications may be
developed. Programs written in these languages enforce a strong policy of non-interference, which ensures that high-security
data will not be observable on low-security channels. The information routing security proposed aim to fill the gap between
representation and enforcement by implementing and integrating the divers security services needed by policy. Policy is
enforced by the run-time compiler and executions based mechanism to information violating routing policy and regulation of
security services. Checking the routing requirements of explicit route achieves this result for statements involving explicit
route. Unfortunately, such classification is often expressed as an operation within a given program, rather than as part of a
policy, making reasoning about the security implications of a policy more difficult. We formalize our approach for a C++ like
language and prove a modified form of our non-interference method. We have implemented our approach as an extension to C
and provide some of our experience using it to build a secure information routing.
[1] Askarov L. and Sabelfeld A., Secure Implementation of Cryptographic Protocols: A Case Study of Mutual Distrust, in Proceedings of the 10 th European Symposium on Research in Computer Security ESORICS 05 , pp. 1-5, Italy, 2005.
[2] Bell D. and La Padula L., Secure Computer Systems, Mathematical Foundations Technical Report , 1973.
[3] Chong S. and Myers A., Decentralized Robustness, in Proceedings of the 19 th IEEE Computer Security Foundations Workshop , pp. 321-334, USA, 2006.
[4] Denning D., Cryptography and Data Security , Reading , MA, 1982.
[5] Goguen J. and Meseguer J., Security Policies and Security Models, in Proceedings of IEEE Symposium on Security and Privacy, pp. 11-20, USA, 1982.
[6] Hicks B., King D., McDaniel P., and Hicks M., Trusted Declassification: High-Level Policy for a Security-Typed Language, in Proceedings of Workshop on Programming Languages and Analysis for Security , pp. 65-74, Canada, 2006.
[7] Kent S. and Atkinson R., Security Architecture for the Internet Protocol, Internet Engineering Task Force Journal , vol. 37, no. 1, pp. 1, 1998.
[8] Mantel H. and Sabelfeld A., A Unifying Approach to the Security of Distributed and Multi Threaded 98 The International Arab Journal of Information Technology, Vol. 6, No. 1, January 2009 Programs, Journal of Computer Security , vol. 11, no. 4, pp. 615-676, 2003.
[9] Myers C., Mostly-static Decentralized Information Flow Control, Technical Report MIT/LCS/TR-783 , 1999.
[10] Myers C., Nystrom N., Zheng L., and Zdancewic S., Jif: Java + Information Flow, www.cs.cornell.edu/jif, July 2001.
[11] Montgomery D. and Murphy S., Towards Secure Routing Infrastructures, IEEE Security & Privacy, vol. 4, no. 5, pp 84-87, 2006.
[12] Pottier F. and Simonet V., Information Flow Inference for ML, in Proceedings of Principles of Programming Languages (POPL) , pp. 319- 330, USA, 2002.
[13] Sabelfeld A. and Myers A., Language Based Information Flow Security, IEEE Journal on Selected Areas in Communications , vol. 21, no. 1, pp. 5-19, 2003.
[14] Simonet V., FlowCaml in a Nutshell in Hutton, in Proceedings of the First APPSEM-II Workshop , pp. 152-165, UK, 2003.
[15] The Internet Engineering Task Force, www.ietf. org/html.charters/rpsec-charter.httm, 2006
[16] Volpano D. and Smith G., Probabilistic Noninterference in a Concurrent Language, Journal of Computer Security , vol. 7, no. 2, pp. 231-253, 1999.
[17] Volpano D., Smith G., and Irvine C., A Sound Type System for Secure Flow Analysis, Journal of Computer Security , vol. 4, no. 3, pp. 167-187, 1996.
[18] Ylonen T., SSH: Secure Login Connections Over the Internet, in Proceedings of 6 th USENIX UNIX Security Symposium , pp. 37-42, Korea, 1996.
[19] Zdancewic S., A Type System for Robust Declassification, in Proceedings of the Nineteenth Conference on the Mathematical Foundations of Programming Semantics , pp. 47- 66, Berlin, 2003. George Oreku received his Master in computer science from University of Odessa Polytechnic in 2002. He is currently a PhD candidate at the Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China. Li Jianzhong the director of the Department of Computer Science and Engineering at the Harbin Institute of technology, China. Also he is a part-time professor in FuDan University and RenMin University of China. Fredrick Mtenzi is a supervisor of postgraduate students, lecturing systems security and cryptography, security and forensics, security and cryptography advanced research, and proposal writing at school of Computing Dublin Institute of Technology, Ireland.