Andrei Sabelfeld
Dept. of Computer Science and Engineering
Chalmers University of Technology, Gothenburg
Sweden
Information flow tracking
Abstract
Information flow control has been extensively studied for applications in traditional programming languages and for abstract models of communicating systems. Recently, information flow control has received more attention as a means to enforce data confidentiality and integrity for web and IoT applications. Web and IoT applications have high potential to leverage the promise of information flow control because of the necessity to control the propagation of information in tightly integrated components that mix code from trusted and untrusted sources. These lectures overview information flow foundations, focusing on formalizing security policies for integrity, confidentiality and intentional information release (declassification), and present highlights of practical applications of information flow technology, where static and dynamic enforcement techniques are combined to track information flow in web and IoT applications.
Course materials
- A. Sabelfeld. Information flow tracking. Slides from the course at EWSCS '19.
- A. Sabelfeld, A. Birgisson, A. Sjösten. Information flow challenges. https://ifc-challenge.appspot.com/
- Videos from the lectures (large, unedited files) [mp4, password-protected]
- A. Sabelfeld, A. C. Myers. Language-based information-flow Security. IEEE J. on Selected Areas in Communications, v. 21, n. 1, pp. 5-19, 2003.
- I. Bastys, M. Balliu, A. Sabelfeld. If This Then What? Controlling flows in IoT apps. In Proc. of ACM Conf. on Computer and Communications Security, CCS '18 (Toronto, Oct. 2018). ACM Press , 2018.
Last changed
April 10, 2020 22:44 Europe/Helsinki (GMT +03:00)
by
local organizers, ewscs19(at)cs.ioc.ee
EWSCS'19 page:
//cs.ioc.ee/ewscs/2019/