Information flow in an information-theoretical context is the transfer of information from a variable to a variable in a given process. Not all flows may be desirable. For example, a system shouldn't leak any secret (partially or not) to public observers.

== Introduction ==

Securing the data manipulated by computing systems has been a challenge in the past years. Several methods to limit the information disclosure exist today, such as access control lists, firewalls, and cryptography. However, although these methods do impose limits on the information that is released by a system, they provide no guarantees about information ''propagation''.〔Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1), Jan. 2003.〕 For example, access control lists of file systems prevent unauthorized file access, but they do not control how the data is used afterwards. Similarly, cryptography provides a means to exchange information privately across a non-secure channel, but no guarantees about the confidentiality of the data are given once it is decrypted.

In low-level information flow analysis, each variable is usually assigned a security level. The basic model comprises two distinct levels: low and high, meaning, respectively, publicly observable information, and secret information. To ensure confidentiality, flowing information from high to low variables should not be allowed. On the other hand, to ensure integrity, flows to high variables should be restricted.

More generally, the security levels can be viewed as a lattice with information flowing only upwards in the lattice.〔Dorothy Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-242, 1976.〕 For example, considering two security levels and (low and high), if , flows from to , from to , and to would be allowed, while flows from to would not.
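The level assignment and the upward-only rule described above can be checked mechanically. The following is an added example, not part of the article or its sources: it generalizes the two-level model to a lattice of category sets ordered by inclusion and also shows the dual rule for integrity. The variable names, the sample program and the policy names are constructed, and only explicit flows through direct assignments are considered.

```python
# Added example (not from the article): a flow checker over a security lattice.
# Labels are frozensets of categories ordered by subset, so the two-level
# model is LOW = {} and HIGH = {"secret"}. All names here are constructed.

LOW = frozenset()
HIGH = frozenset({"secret"})

def leq(a, b):
    """True when level a is at or below level b (subset order)."""
    return a <= b

def join(labels):
    """Least upper bound: the level of data derived from all of `labels`."""
    out = frozenset()
    for label in labels:
        out |= label
    return out

def check_flows(assignments, levels, policy="confidentiality"):
    """Return the (target, sources) assignments that the policy forbids.

    confidentiality: data may only move upwards, so join(sources) <= target.
    integrity: flows into high (trusted) variables are restricted, so every
    source must sit at or above the target. Constants (no sources) pass.
    """
    violations = []
    for target, sources in assignments:
        src_levels = [levels[s] for s in sources]
        if policy == "confidentiality":
            ok = leq(join(src_levels), levels[target])
        elif policy == "integrity":
            ok = all(leq(levels[target], s) for s in src_levels)
        else:
            raise ValueError(f"unknown policy: {policy}")
        if not ok:
            violations.append((target, tuple(sources)))
    return violations

# Constructed sample: variable levels and a straight-line program.
LEVELS = {"pin": HIGH, "audit": HIGH, "banner": LOW, "reply": LOW}
PROGRAM = [
    ("reply", ["banner"]),         # low -> low
    ("audit", ["banner", "pin"]),  # low and high -> high
    ("audit", ["pin"]),            # high -> high
    ("reply", ["pin", "banner"]),  # high and low -> low
]

if __name__ == "__main__":
    print(check_flows(PROGRAM, LEVELS))
    print(check_flows(PROGRAM, LEVELS, policy="integrity"))
```

Under the confidentiality policy only the last assignment is reported; under the integrity reading of the same levels, the assignment that mixes a low source into `audit` is reported instead.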
Excerpt source: Wikipedia, the free encyclopedia, "Information flow (information theory)".