Secure Program Partitioning in Dynamic Networks



Abstract: A shortcoming of many systems dealing with sensitive data is that they do not control the propagation of information in an appropriate way. This includes both the denial of access for unauthorized principals, and the control of the data's integrity. Previous work has shown that security-typed programs can successfully address this shortcoming.

Security-typed programs can safely be distributed and executed in a network, as shown by Zdancewic et al. The distributed programs obey, by construction, all annotations with respect to access rights. The approach does not, however, support dynamic changes to the network or the trust model.

In this thesis, the original framework for distribution of security-typed programs has been extended to also consider dynamic systems. The main contribution is the development of a trust model with support for dynamic systems. Moving to a dynamic setting introduces new problems, e.g., the choice between several feasible distributions of a program. To address this, a metric is developed which can be used to find the most trustworthy distribution based on a user's preferences.

The proposed concepts have been proven to work through the implementation of a prototype.
Keywords: Information Flow, Distributed Systems, Trust, Program Partitioning
Type: Master's thesis [Academic thesis]
Year: 2006
Publisher: Informatics and Mathematical Modelling, Technical University of Denmark, DTU
Address: Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby
Series: IMM-Thesis-2006-92
Note: Supervised by Assistant Professor Christian W. Probst, IMM.
IMM Group(s): Computer Science & Engineering