Metadata Calculus for Securing Information Flows

摘要

Traditional approaches to information sharing use a highly conservative approach to deduce the metadata for an output object x derived from input objects y(sub 1), y(sub 2), ... , y(sub n) e.g.: maximum over the security labels of all input objects. Such approaches does not account for functions that explicitly down- grade the value of an object. Consequently, the security labels in traditional approaches tend to monotonically increase as newer objects are derived from existing ones. In this paper we present a novel metadata calculus for securing information flows. The metadata calculus defines a metadata vector space that supports a time varying value function that is computed as a function of the object's metadata and operators '+' (plus) and '.' (dot) to compute the metadata of an output object that is derived by downgrading, transforming or fusing other objects. We also describe a concrete realization of our metadata calculus wherein the tightness of our value estimates competes in an optimization problem. We present several tradeoffs with space and accuracy and explore a spectrum of solutions ranging from conservative to risk-based value estimates.