Abstract: For more than 3 decades now, it is well understood that several desirable security properties of systems can be cast in terms of information flows. In particular, information flow control is widely regarded as a very useful tool for the analysis and enforcement of end-to-end security properties in the dynamic setting of mobile and distributed systems. With cloud becoming the new computing paradigm, a lot of research effort is directed towards overcoming the challenges in translating the simple and elegant theory of information flow control into practical tools in the form of programming languages and systems. Although a variety of tools based on information flow control already exist for addressing issues related to specific applications, a clean unified formal model is highly desirable.
In this talk, we (i) introduce the basic concepts of information flow control, (ii) present a process calculus enriched with information flow notions together with algorithms for reasoning about security properties in this calculus and (iii) demonstrate the applications of our approach using Linux security as an example.