Definition
Information Flow Control
Information flow control is a security mechanism that regulates the propagation of information between subjects and objects based on their security classifications. It ensures that information moves only along authorised paths, preventing leakage from high-security contexts to low-security ones.
Mechanisms
Information flow control can be enforced through various mechanisms:
- Static analysis: Verifying code before execution to detect illicit flows
- Dynamic tracking: Labelling data with taint marks and tracking their propagation at runtime
- Access control: Restricting operations that would create unauthorised flows
- Lattice-based models: Formal frameworks using partial orders on security levels
Relation to Confidentiality
Confidentiality Preservation
Information flow control enforces confidentiality by ensuring that data at a given security level cannot influence observations at a lower level. If no information flow from (high) to (low) exists, an observer at gains no knowledge of data at .
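The dynamic-tracking and lattice-based mechanisms listed under Mechanisms, and the confidentiality property stated above, can be seen together in a small label-propagation model. This is an added example, not code from the original page; the `Label`, `Labeled`, `combine` and `release` names, the rank-plus-compartments lattice and the sample data are assumptions made for illustration. It tracks explicit flows only, so information leaked through control flow (implicit flows) is not covered.

```python
from dataclasses import dataclass

class FlowViolation(Exception):
    """Raised when data would reach a sink its label may not flow to."""

@dataclass(frozen=True)
class Label:
    rank: int                              # 0 = public; higher = more sensitive
    compartments: frozenset = frozenset()  # need-to-know categories

    def can_flow_to(self, other):
        # Partial order: flow is allowed only to an equal or more restrictive label.
        return self.rank <= other.rank and self.compartments <= other.compartments

    def join(self, other):
        # Least upper bound: the label of anything derived from both inputs.
        return Label(max(self.rank, other.rank), self.compartments | other.compartments)

@dataclass(frozen=True)
class Labeled:
    value: object
    label: Label

def combine(fn, *args):
    """Apply fn to labeled inputs; the result carries the join of their labels."""
    label = Label(0)
    for a in args:
        label = label.join(a.label)
    return Labeled(fn(*(a.value for a in args)), label)

def release(data, sink):
    """Sink check: return the raw value only if its label may flow to the sink."""
    if not data.label.can_flow_to(sink):
        raise FlowViolation(f"{data.label} may not flow to {sink}")
    return data.value

# Constructed sample labels and data (hypothetical, for illustration only).
LOW, HR, FIN = Label(0), Label(1, frozenset({"hr"})), Label(1, frozenset({"finance"}))
salary = Labeled(5200, HR)
budget = Labeled(90000, FIN)
headcount = Labeled(12, LOW)

if __name__ == "__main__":
    ratio = combine(lambda s, b: s / b, salary, budget)
    print("derived label:", ratio.label)
    print("low data to low sink:", release(headcount, LOW))
    try:
        release(ratio, HR)  # carries the finance compartment as well
    except FlowViolation as exc:
        print("blocked:", exc)
```

HR and FIN are incomparable in this lattice, which is why a value derived from both can be released only to a sink labelled with both compartments.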