Abstract
A method for information flow tracking is provided using, for example, a functional programming language based on lambda calculus, lambdaI. The method provides a unified information-tracking framework that supports multiple, interdependent dimensions of information. An expressive policy-specification system is separated from the underlying information-flow tracking mechanism. Arbitrary domain-specific policies are supported that can be developed and enforced independently of information flow tracking. Information-flow metadata is treated as a first-class entity, and information flow is correctly tracked on the metadata itself. Classes of information flow policies are defined using multiple dimensions that are applicable both to information flow data and to the information flows themselves. These classes of policies accurately model more realistic security policies, based on partial trust relations. Therefore, multiple interdependent dimensions of information are simultaneously tracked and enforced within the framework of the information flow tracking system.