Daniel Schoepe, Computer Science and Engineering

Flexible Information-Flow Control

As more and more sensitive data is handled by software, its trustworthiness becomes an increasingly important concern. This thesis presents work on ensuring that information processed by computing systems is not disclosed to third parties without the user's permission; i.e. to prevent unwanted flows of information. While this problem is widely studied, proposed rigorous information-flow control approaches that enforce strong security properties like noninterference have yet to see widespread practical use. Conversely, lightweight techniques such as taint tracking are more prevalent in practice, but lack formal underpinnings, making it unclear what guarantees they provide.

This thesis aims to shrink the gap between heavyweight information-flow control approaches that have been proven sound and lightweight practical techniques without formal guarantees, such as taint tracking. It attempts to reconcile these areas by (a) providing formal foundations for taint tracking approaches, (b) extending information-flow control techniques to more realistic languages and settings, and (c) exploring security policies and mechanisms that fall in between information-flow control and taint tracking and investigating what trade-offs they incur.

Daniel Schoepe belongs to the Information Security division at Computer Science and Engineering.

Opponent
Prof. Alexander Pretschner, Technische Universität, München, Germany.

Grading committee
Dr. Nataliia Bielova, INRIA Sophia Antipolis-Méditerranée, France.
Prof. Matteo Maffei, Technische Universität Wien, Austria.
Prof. Benoit Baudry, Royal Institute of Technology, Stockholm, Sweden.

Category: Thesis defence
Location: ED, lecture hall,
Start time: 2018-12-07 10:00
End time: 2018-12-07 11:00

Published: Thu 25 Oct 2018. Modified: Tue 13 Nov 2018