Secure Program Partitioning in Dynamic Networks |
| | Abstract | A shortcoming of many systems dealing with sensitive data is that they do not control the propagation of information in an appropriate way. This includes both the denial of access for unauthorized principals, and the control of the data's integrity. Previous work has shown that security-typed programs can successfully address this shortcoming.
Security-typed programs can safely be distributed and executed in a network, as shown by Zdanewic et al. The distributed programs obey, by construction, all annotations with respect to access rights. The approach does not, however, support dynamic changes to the network or the trust model.
In this thesis, the original framework for distribution of security-typed programs has been extended to also consider dynamic systems. The main contribution is the development of a trust model with support for dynamic systems. Moving to a dynamic setting introduces new problems, e.g., the choice between several feasible distributions of a program. To address this, a metric is developed which can be used to �nd the most trustworthy distribution based on a user's preferences.
The proposed concepts have been proven to work through the implementation of a prototype. | | Keywords | Information Flow, Distributed Systems, Trust, Program Partitioning | | Type | Master's thesis [Academic thesis] | | Year | 2006 | | Publisher | Informatics and Mathematical Modelling, Technical University of Denmark, DTU | | Address | Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby | | Series | IMM-Thesis-2006-92 | | Note | Supervised by Assistant Professor Christian W. Probst, IMM. | | Electronic version(s) | [pdf] | | BibTeX data | [bibtex] | | IMM Group(s) | Computer Science & Engineering |
|