Runtime verification using policy-based approach to control information flow

Computer systems are monitored to check their performance, or verified to check the correctness of the software with respect to security properties such as integrity, availability and confidentiality. The more sensitive the information being processed by the software, such as credit card information, military information or personal medical information, the more necessary and important it is to monitor and control the flow of that information. Monitoring and controlling an untrusted program to ensure information confidentiality at runtime, in an environment where confidential information is present, is difficult and unnerving. The issue is how to monitor and control the flow of confidential information while an untrusted program is running. In this paper, we present a novel runtime verification approach for monitoring and controlling information flow that supports user interaction with the running program.
