Avoiding information leakage in security-policy-aware planning

Keith Irwin, Ting Yu, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.

Original languageEnglish
Title of host publicationProceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES'08,Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages85-94
Number of pages10
DOIs
Publication statusPublished - 1 Dec 2008
Event7th ACM Workshop on Privacy in the Electronic Society, WPES'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: 27 Oct 200831 Oct 2008

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other7th ACM Workshop on Privacy in the Electronic Society, WPES'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
CountryUnited States
CityAlexandria, VA
Period27/10/0831/10/08

Keywords

  • Obligations
  • Policy
  • Scheduling

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Avoiding information leakage in security-policy-aware planning'. Together they form a unique fingerprint.

  • Cite this

    Irwin, K., Yu, T., & Winsborough, W. H. (2008). Avoiding information leakage in security-policy-aware planning. In Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES'08,Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 (pp. 85-94). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1456403.1456418