面向无传递性安全策略的语法信息流分析方法

传统的语法信息流分析方法均基于实施机密性安全策略的信息流格模型,而格关系的传递特性使得该方法不能用来分析实施无传递性安全策略的系统的安全性。提出一种新的标识隐蔽信息流的语法信息流分析方法,该方法对实施具有传递性和无传递性安全策略的系统均适用。将信息流语义附加在每条语句之后,定义一种称为信息流时序图的图结构来刻画信息流发生的时序关系,给出了基于源程序的信息流时序图的构造方法,提出了一种基于时序图的隐蔽信息流的标识算法。另外,针对并发程序的并发特性,提出了一种简化信息流时序图的方法,在该方法下只要考虑并发进程之间特定的交互次序即可,而不需要考虑所有可能的交互方式。

Syntactic Information Flow Analysis Based on Nontransitive Security Policy

The traditional syntactic information flow analysis is based on the lattice model such that the method can not be used to analyze the security of systems implementing the security policy not satisfying transitivity. This paper proposes a new information flow analysis approach. First, information flow semantics is attached to each statement of a program language. Then a graph structure called information flow temporal relation is defined to describe the temporal relation of information flow occurring, and a method of constructing the graph structure is presented. Fi-nally, based on the graph structure a covert information flow identification method is developed. In addition, ac-cording to the concurrency feature of concurrent programs, a method for reducing the information flow temporal relation is proposed. With the help of the method, it is sufficient to consider the special interleave order between concurrent processes instead of all interleave orders.