|
In computer science, a type system can be described as a syntactic framework which contains a set of rules that are used to assign a type property (int, boolean, char etc.) to various components of a computer program, such as variables or functions. A security type system works in a similar way, only with a main focus on the security of the computer program, through information flow control. Thus, the various components of the program are assigned security types, or labels. The aim of a such system is to ultimately be able to verify that a given program conforms to the type system rules and satisfies non-interference. Security type systems is one of many security techniques used in the field of language-based security, and is tightly connected to information flow and information flow policies. In simple terms, by using a security type system, you want to detect if there exists any kind of violiation of ''confidentiality'' or ''integrity'' in your program, i.e. you want to detect if the program is in line with the information flow policy or not. == A simple information flow policy == Suppose you have two users, A and B. In your program, you introduce the following ''security classes'' (SC): * SC = , }, where ∅ is the empty set. In your information flow policy, you want to define the direction that information is allowed to flow, which is dependent on whether you are specifying a policy for ''read'' or ''write'' operations. In this example, we will consider ''read'' operations (confidentiality). We define that the following flows should be allowed: * → = ), (, ), (, ), (, ), (, ), (, ∅), (, ∅), (, ∅)} This can also be described as a superset (⊇). In words: information is allowed to flow ''towards stricter'' levels of confidentiality. Using the combination operator (⊕), we can express how security classes can perform read operations with respect to other security classes. For example: * ⊕ = — the only security class that can read from both and is . * ⊕ = ∅ — neither or are allowed to read from both and . This can also be described as an intersection (∩) between security classes. An information flow policy can be illustrated as a Hasse diagram. You also want your policy to be a lattice, that is, it has a greatest lower-bound and least upper-bound (there always exists a combination between security classes). In the case of integrity, information will flow in the opposite direction, thus the policy will be inverted. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Security type system」の詳細全文を読む スポンサード リンク
|