Computer Laboratory

Technical reports

Towards practical information flow control and audit

Thomas F. J.-M. Pasquier

July 2016, 153 pages

This technical report is based on a dissertation submitted January 2016 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Jesus College.


In recent years, pressure from the general public and from policy makers has been for more and better control over personal data in cloud computing environments. Regulations put responsibilities on cloud tenants to ensure that proper measures are effected by their cloud provider. But there is currently no satisfactory mechanism to achieve this, leaving tenants open to potentially costly lawsuits.

Decentralised Information Flow Control (IFC) at system level is a data-centric Mandatory Access Control scheme that guarantees non-interference across security contexts, based on lattices defined by secrecy and integrity properties. Every data flow is continuously monitored to guarantee the enforcement of decentrally specified policies. Applications running above IFC enforcement need not be trusted and can interact. IFC constraints can be used to ensure that proper workflows are followed, as defined by regulations or contracts. For example, to ensure that end users’ personal data are anonymised before being disclosed to third parties.

Information captured during IFC enforcement allows a directed graph representing whole-system data exchange to be generated. The coupling of policy enforcement and audit data capture allows system “noise” to be removed from audit data, and only information relevant to the policies in place to be recorded. It is possible to query these graphs to demonstrate that the system behaved according to regulation. For example, to demonstrate from run-time data that there is no path without anonymisation between an end-user and a third party.

Full text

PDF (1.5 MB)

BibTeX record

  author =	 {Pasquier, Thomas F. J.-M.},
  title = 	 {{Towards practical information flow control and audit}},
  year = 	 2016,
  month = 	 jul,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-893}