YIN Lihua, GUO Yunchuan, ZHANG Huibing, HUANG Wenting, FANG Binxing. Threat-Based Declassification and Endorsement for Mobile Computing[J]. Chinese Journal of Electronics, 2019, 28(5): 1041-1052. doi: 10.1049/cje.2019.06.007
Citation: YIN Lihua, GUO Yunchuan, ZHANG Huibing, HUANG Wenting, FANG Binxing. Threat-Based Declassification and Endorsement for Mobile Computing[J]. Chinese Journal of Electronics, 2019, 28(5): 1041-1052. doi: 10.1049/cje.2019.06.007

Threat-Based Declassification and Endorsement for Mobile Computing

doi: 10.1049/cje.2019.06.007
Funds:  This work is supported by the National High Technology Research and Development Program (No.2015AA016007), National Natural Science Foundation of China (No.61672515, No.61662013), and Guangxi Natural Science Foundation (No.2017GXNSFAA198372)
More Information
  • Corresponding author: GUO Yunchuan (corresponding author) was born in 1977.He received the Ph.D.degree from the University of Chinese Academy of Sciences in 2011.He is an associate professor of the Institute of Information Engineering,CAS.His research interests include information security and formal verification.(Email:guoyunchuan@iie.ac.cn)
  • Received Date: 2017-11-22
  • Rev Recd Date: 2019-06-19
  • Publish Date: 2019-09-10
  • Declassification and endorsement can efficiently improve the usability of mobile applications. However, both declassify and endorse operations in practice are often ad-hoc and nondeterministic, thus, being insecure. From a new perspective of threat assessments, we propose the Threat-based typed security p-calculus (πTBTS) to model declassification and endorsement in mobile computing. Intuitively, when relaxing confidentiality policies and/or integrity policies, we respectively assess threats brought by performing these two relaxes. If these threats are acceptable, the declassification and/or endorsement operations are permitted; Otherwise, they are denied. The proposed assessments have explicit security conditions, results and less open parameters, so our approach solves the problem of the ad-hoc and nondeterministic semantics and builds a bridge between threat assessments and declassification/endorsement.
  • loading
  • X. Wang, Q. Lu, Y. Xiong, F. Miao, W. Huang, Tao Liu and X. Wu, "A secure distributed authentication scheme based on CRT-VSS and trusted computing in MANE", Chinese Journal of Electronics, Vol.23, pp.284-290. 2014.
    Y. Zheng, et al., "A geography-intimacy-based algorithm for data forwarding in mobile social network," Chinese Journal of Electronics, Vol.25, pp.936-942.2016.
    M.Bishop, Computer Security:Art and science, AddisonWesley, Addison-Wesley, 2003.
    W.Rafnsson and A.Sabelfeld, "Limiting information leakage in event-based communication", ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2011, pp.1-16.
    A. Askarov and A. Myers, "A semantic framework for declassification and endorsement", Proc. of Programming Languages and Systems, 2010, pp.64-84.
    H. Khambhammettu, S. Boulares, K. Adi and L. Logrippo, "A framework for risk assessment in access control systems", Comput.Secur., Vol.39, No.PART A, pp.86-103, Nov.2013.
    Y. Guo, L. Yin, L. Chang and A. Vasilakos, "Poster:Riskbased approach:A new perspective on declassification and endorsement," IEEE Symposium on Security and Privacy, Online, 2014.
    Y. GUO, B. Fang, L. Yin and Y. Zhou, "A security model for confidentiality and integrity in mobile computing", Chinese Journal. Computers, Vol.36, No.7, pp.1424-1433, 2013.(in Chinese)
    A. Sabelfeld and D. Sands, "Declassification:Dimensions and principles", Journal of Computer Security, Vol.17, No.5, pp.517-548, 2009.
    A. Askarov and A. Sabelfeld, "Tight enforcement of information-release policies for dynamic languages", IEEE Proc.of Computer Security Foundations Symposium, 2009, pp.43-59.
    W. Rafnsson and A. Sabelfeld, "Secure multi-execution:Fine-grained, declassification-aware, and transparent", IEEE Proc. of Computer Security Foundations Symposium, 2013, pp.33-48.
    J. A. Vaughan and S. Chong, "Inference of expressive declassification policies", IEEE Symposium on Security and Privacy, pp.180-195, 2011.
    H. T. Austin and C. Flanagan, "Multiple facets for dynamic information flow", ACM Sigplan, Vol.47, No.1, pp.165-177, Jan. 2012.
    J. A. Thomas, N. Cuppens-Boulahia and F. Cuppens, "Declassification policy management in dynamic information systems", Proc.of International Conference on Availability, Reliability and Security, 2011, pp.143-152.
    J.Bacon, D. Eyers, T. Pasquier and J. Singh, "Information flow control for secure cloud computing", IEEE Transactions on Network and Service Management, Vol.11, No.1, pp.76-89, 2014.
    A.Birgisson, A.Russo and A.Sabelfeld, "Unifying facets of information integrity", Information Systems Security, pp.48-65, 2010.
    W.Cheng, D.Ports and D.Schultz, "Abstractions for usable information flow control in Aeolus.", USENIX Annual Technical Conference, 2012, pp.139-151.
    L. Jia, J. Aljuraidan, E. Fragkaki, L. Bauer, M. Stroucken, K. Fukushima, S.Kiyomoto and Y. Miyake, "Run-time enforcement of information-flow properties (extended abstract)", Computer and Security, pp.775-792, 2013.
    P. Sewell, P. T. Wojciechowski and A. Unyapoth, "Nomadic pict:Programming languages, communication infrastructure overlays, and semantics for mobile computation", ACM Transactions on Programming Languages and Systems, Vol.32, No.4, pp.1-63, 2010.
    A. Singh, C. R. Ramakrishnan and S. A. Smolka, "A process calculus for mobile ad hoc networks", Science of Computer Programming, Vol.75, No.6, pp.440-469, 2010.
    M. Hennessy and J. Riely, "Resource access control in systems of mobile agents", Information and Computation, Vol.173, No.1, pp.82-120, 2002.
    M. Hennessy and J. Riely, "Information flow vs. resource access in the asynchronous pi-calculus", ACM Transactions on Programming Languages and Systems, Vol.24, No.5, pp.566-591, 2002.
    T. Amtoft, J. Hatcliff, and E. Rodríguez, "Precise and automated contract-based reasoning for verification and certification of information flow properties of programs with arrays", Programming Languages and Systems, Vol.6012, pp.43-63, 2010.
    L. Luo, Z. Duan and C. Tian, "Extension of p-Calculus with Interval Action Prefixes", Chinese Journal of Electronics, Vol.25, pp.848-857, 2016.
    J. Shi, C. Huang, J. Wang, K. He and X. Shen, "An access control scheme with dynamic user management and cloudaided decryption", Security and Communication Networks, Vol.18, pp.5659-5672, 2016.
    H. Li and A. Dhawan, "MOSAR:A secured on-demand routing protocol for mobile multilevel ad hoc networks", International Journal of Network Security, 2010, Vol.10, No.2, pp.125-138.
  • 加载中


    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (153) PDF downloads(108) Cited by()
    Proportional views


    DownLoad:  Full-Size Img  PowerPoint