MAP-REDUCE Runtime Enforcement of Information Flow Policies
This work addresses the need for adaptable information flow enforcement in systems, though it appears incremental by extending existing methods to a map-reduce context.
The authors tackled the problem of enforcing diverse information flow policies by proposing a flexible framework that combines secure multi-execution with map-reduce computations, resulting in a customizable mechanism proven sound and precise for properties like non-interference, removal of inputs, and deletion of inputs.
We propose a flexible framework that can be easily customized to enforce a large variety of information flow properties. Our framework combines the ideas of secure multi-execution and map-reduce computations. The information flow property of choice can be obtained by simple changes to a map (or reduce) program that controls parallel executions. We present the architecture of the enforcement mechanism and its customizations for non-interference (NI) (from Devriese and Piessens) and some properties proposed by Mantel, such as removal of inputs (RI) and deletion of inputs (DI), and formally demonstrate the soundness and precision of enforcement for these properties.
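The following sketch is an added illustration, not code from the paper or its authors. It shows how secure multi-execution for NI can be phrased as a map step that builds one input view per security level and a reduce step that selects each output from the run at that output's level. The two-level lattice, the default value, the channel names and all function names are assumptions made for the example.

```python
# Added illustration of secure multi-execution (SME) in a map/reduce shape.
# All names here (LOW, HIGH, DEFAULT, map_ni, reduce_ni, enforce) are hypothetical.
LOW, HIGH = "L", "H"
DEFAULT = 0  # assumed stand-in for inputs a run is not cleared to read

# Constructed policy: security level of every input and output channel.
LEVELS = {"public_in": LOW, "secret_in": HIGH,
          "public_out": LOW, "secret_out": HIGH}

def map_ni(inputs, levels):
    """MAP for NI: one local input view per security level.
    The LOW run sees defaults in place of HIGH inputs; the HIGH run sees all."""
    low_view = {c: (v if levels[c] == LOW else DEFAULT)
                for c, v in inputs.items()}
    return {LOW: low_view, HIGH: dict(inputs)}

def reduce_ni(local_outputs, levels):
    """REDUCE for NI: each output channel is taken from the run whose
    level equals the channel's level; other copies are discarded."""
    return {c: local_outputs[levels[c]][c] for c in local_outputs[LOW]}

def enforce(program, inputs, levels=LEVELS):
    """Run one copy of `program` per level and merge the results."""
    views = map_ni(inputs, levels)
    local = {lvl: program(view) for lvl, view in views.items()}
    return reduce_ni(local, levels)

def leaky(inp):
    """Constructed insecure program: the public output depends on the secret."""
    bit = 1 if inp["secret_in"] > 100 else 0
    return {"public_out": inp["public_in"] + bit,
            "secret_out": inp["secret_in"] * 2}

def secure(inp):
    """Constructed secure program: the public output ignores the secret."""
    return {"public_out": inp["public_in"] + 1,
            "secret_out": inp["secret_in"] * 2}

if __name__ == "__main__":
    for secret in (1, 500):
        sample = {"public_in": 5, "secret_in": secret}
        print(secret, leaky(sample), enforce(leaky, sample))
```

Under enforcement the public output of `leaky` no longer varies with the secret (soundness), while `secure` produces the same outputs with or without enforcement (precision).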