Practical Information Flow Control in Real-World Systems: Cryptography, Reference Monitor, and Confidential Computing
| Published in: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Main author: | |
| Published: | ProQuest Dissertations & Theses |
| Subjects: | |
| Online access: | Citation/Abstract Full Text - PDF |
| Abstract: | In an era of increasingly complex and security-critical software systems, the ability to reason about how information propagates during program execution is essential to ensuring confidentiality and integrity. Information flow control provides a principled foundation for enforcing such guarantees. Classical information flow control approaches, grounded in noninterference and supported by rich formal foundations, have played a substantial role in the development of language-based security and secure system design. Recent advances in program analysis, type systems, and formal verification have further strengthened the theoretical underpinnings of information flow control. With the emergence of mechanisms like declassification and endorsement, information flow control has evolved to address practical challenges in real-world systems, enabling developers to enforce security policies that are both sound and flexible. However, applying information flow control in practice remains challenging. A core reason for this disconnect is that different application domains impose fundamentally different security requirements and policy specifications. Many real-world systems demand information flow analyses that balance precision, soundness, and scalability, while others require enforcement of less explored policies with complex security lattices. In general, existing information flow enforcement techniques either rely on overly conservative approximations—leading to false positives that overwhelm developers—or depend on heavyweight verification frameworks that are difficult to deploy. Others assume simple policies or trusted infrastructures that are unrealistic in modern systems, like confidential computing. This dissertation explores three such use scenarios, each representing a distinctive class of control enforcement where existing techniques in information flow control fall short. First, we develop CtChecker, a static analysis framework for verifying constant-time behavior in cryptographic algorithm implementations. CtChecker detects secret-dependent control flow and memory access patterns, achieving sound detection of timing side-channel vulnerabilities while significantly reducing false positives and maintaining scalability. By enabling field sensitivity, context sensitivity, partial flow sensitivity, and support for declassification, CtChecker finds a balanced solution for the practical verification of real-world cryptographic systems. Next, we present Talisman, a system for verifying the integrity of authorization request inputs in reference monitors. Talisman introduces a relaxed noninterference property tailored to the reference monitor security model, drastically reducing false alarms related to input tampering. Moreover, it employs a hybrid endorsement mechanism to distinguish between policy-intended behavior and exploitable violations. These innovations allow Talisman to soundly enforce the tamperproof property, an understudied requirement for reference monitors, even under complex and application-specific security lattices. Finally, we build Agora to address information flow control in the context of confidential computing, where minimizing the trusted computing base (TCB) of security verification is essential. Agora is designed to support coarse-grained information flow control, which is well-suited for maintaining user data confidentiality in function-as-a-service (FaaS) environments running inside trusted execution environments (TEEs). By offloading complex program analysis and constraint solving to untrusted infrastructure, and relying on checkable evidence validated by a small, independently verifiable core, Agora ensures that high-level security properties are preserved and can be remotely attested. Together, these systems demonstrate that practical information flow control is achievable when enforcement is grounded in the specific needs of its target domain. By designing precise, scalable, and trust-aware enforcement mechanisms, this dissertation brings information flow control closer to its full potential as a security foundation for real-world applications. |
|---|---|
| ISBN: | 9798297672031 |
| Source: | ProQuest Dissertations & Theses Global |