Avoiding information leakage in security-policy-aware planning

Keith Irwin, Ting Yu, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 85-94
Number of pages: 10
DOI: https://doi.org/10.1145/1456403.1456418
Publication status: Published - 1 Dec 2008
Externally published: Yes
Event: 7th ACM Workshop on Privacy in the Electronic Society, WPES'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: 27 Oct 2008 to 31 Oct 2008

Other

Other: 7th ACM Workshop on Privacy in the Electronic Society, WPES'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country: United States
City: Alexandria, VA
Period: 27/10/08 to 31/10/08

Fingerprint

Planning
Computer systems

Keywords

  • Obligations
  • Policy
  • Scheduling

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Irwin, K., Yu, T., & Winsborough, W. H. (2008). Avoiding information leakage in security-policy-aware planning. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 85-94) https://doi.org/10.1145/1456403.1456418

@inproceedings{ddf619feab1f41ee880b1b4c3e66014f,
title = "Avoiding information leakage in security-policy-aware planning",
abstract = "In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.",
keywords = "Obligations, Policy, Scheduling",
author = "Keith Irwin and Ting Yu and Winsborough, {William H.}",
year = "2008",
month = "12",
day = "1",
doi = "10.1145/1456403.1456418",
language = "English",
isbn = "9781605582894",
pages = "85--94",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN
T1 - Avoiding information leakage in security-policy-aware planning
AU - Irwin, Keith
AU - Yu, Ting
AU - Winsborough, William H.
PY - 2008/12/1
Y1 - 2008/12/1
N2 - In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.
KW - Obligations
KW - Policy
KW - Scheduling
UR - http://www.scopus.com/inward/record.url?scp=70349238649&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349238649&partnerID=8YFLogxK
U2 - 10.1145/1456403.1456418
DO - 10.1145/1456403.1456418
M3 - Conference contribution
SN - 9781605582894
SP - 85
EP - 94
BT - Proceedings of the ACM Conference on Computer and Communications Security
ER -