File sharing has become an indispensable part of our daily lives. The shared files might be sensitive, thus, their confidentially, integrity and availability should be protected. Such protection might be against external threats that are initiated by unauthorised users or insider threats that are initiated by authorised users. Our main interest in this thesis is with insider threats. Protecting shared files against insiders is a challenging problem. Insiders enjoy various characteristics such as being trusted and authorised, in addition to being inside the network perimeter and having knowledge of information systems. This makes it difficult to prevent or detect policy violation for these users. The goal of this thesis is to protect shared files from the perspective of insider security with language-based techniques. In the first part of the thesis, we define what we mean by an insider and the insider problem precisely, and propose an approach to classify the insider problem into different categories. We then define and focus on one category that is related to file sharing. Namely, protecting the confidentiality and integrity of the shared files against accidental misuse by insiders. Furthermore, we classify the activity of file sharing into different categories that describe all possible ways of performing the activity of file sharing. These categories represent policies that describe how files should be propagated and accessed by insiders. We show that enforcing these policies can protect the files against accidental misuse by insiders while allowing the activity of sharing to be performed as desired. Thus our interest can be summarised as keeping honest users safe. In the second part of the thesis, we develop a security type system that statically enforces information flow and access control policies in a file system. Files are associated with security types that represent security policies, and programs are sets of operations to be performed on files such as read, copy, move, etc. A type checker, therefore, will statically check each operation to be performed on a file and determine whether the operation satisfies the policy of the file. We prove that our type system is sound and develop a type reconstruction algorithm and prove its soundness and completeness. The type system we developed in this thesis protects the files against accidental misuse by insiders.
| Identifer | oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:694591 |
| Date | January 2016 |
| Creators | Alsowail, Rakan |
| Publisher | University of Sussex |
| Source Sets | Ethos UK |
| Detected Language | English |
| Type | Electronic Thesis or Dissertation |
| Source | http://sro.sussex.ac.uk/id/eprint/63551/ |
Page generated in 0.0014 seconds