Show simple item record

Dynamic Enforcement of Knowledge-based Security Policies

dc.contributor.authorMardziel, Piotr
dc.contributor.authorMagill, Stephen
dc.contributor.authorHicks, Michael
dc.contributor.authorSrivatsa, Mudhakar
dc.description.abstractThis paper explores the idea of knowledge-based security policies, which are used to decide whether to answer a query over secret data based on an estimation of the querier's (possibly increased) knowledge given the result. Limiting knowledge is the goal of existing information release policies that employ mechanisms such as noising, anonymization, and redaction. Knowledge-based policies are more general: they increase flexibility by not fixing the means to restrict information flow. We enforce a knowledge-based policy by explicitly tracking a model of a querier's belief about secret data, represented as a probability distribution. We then deny any query that could increase knowledge above a given threshold. We implement query analysis and belief tracking via abstract interpretation using a novel domain we call probabilistic polyhedra, whose design permits trading off precision with performance while ensuring estimates of a querier's knowledge are sound. Experiments with our implementation show that several useful queries can be handled efficiently, and performance scales far better than would more standard implementations of probabilistic computation based on sampling.en_US
dc.relation.ispartofseriesUM Computer Science Department;CS-TR-4978
dc.titleDynamic Enforcement of Knowledge-based Security Policiesen_US
dc.typeTechnical Reporten_US

Files in this item


This item appears in the following Collection(s)

Show simple item record