Dynamic Dependency Monitoring to Secure Information Flow

Although static systems for information flow security are well-studied, few works address run-time information flow monitoring. Run-time information flow control offers distinct advantages in precision and in the ability to support dynamically defined policies. To this end, we here develop a new run-time information flow system based on the runtime tracking of indirect dependencies between program points. Our system tracks both direct and indirect information flows, and noninterference results are proved.

[1]  Esko Nuutila,et al.  Efficient transitive closure computation in large digraphs , 1995 .

[2]  Andrew C. Myers,et al.  Dynamic Security Labels and Noninterference (Extended Abstract) , 2004, Formal Aspects in Security and Trust.

[3]  Anindya Banerjee,et al.  Using access control for secure information flow in a Java-like language , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[4]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[5]  Andrew C. Myers,et al.  Security policies for downgrading , 2004, CCS '04.

[6]  Stephen Warshall,et al.  A Theorem on Boolean Matrices , 1962, JACM.

[7]  Andrew C. Myers,et al.  Enforcing robust declassification , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[8]  Jeffrey S. Fenton Memoryless Subsystems , 1974, Comput. J..

[9]  John P. L. Woodward Exploiting the Dual Nature of Sensitivity Labels , 1987, 1987 IEEE Symposium on Security and Privacy.

[10]  Larry Wall,et al.  Programming Perl , 1991 .

[11]  William A. Wulf,et al.  HYDRA , 1974, Commun. ACM.

[12]  Andy Podgurski,et al.  Using dynamic information flow analysis to detect attacks against applications , 2005, SOEN.

[13]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[14]  Peng Li,et al.  Encoding information flow in Haskell , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[15]  Clark Weissman,et al.  Security controls in the ADEPT-50 time-sharing system , 1899, AFIPS '69 (Fall).

[16]  Gurvan Le Guernic,et al.  Monitoring Information Flow , 2005 .

[17]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[18]  Harry J. Saal,et al.  Memoryless execution: A programmer's viewpoint , 1976, Softw. Pract. Exp..

[19]  Michael Hicks,et al.  Managing policy updates in security-typed languages , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[20]  Steve Zdancewic,et al.  Run-time principals in information-flow type systems , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[21]  Tzi-cker Chiueh,et al.  A General Dynamic Information Flow Tracking Framework for Security Applications , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[22]  Thomas F. Knight,et al.  A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow , 2001 .

[23]  Boniface Hicks,et al.  Dynamic updating of information-flo w policies , 2005 .

[24]  M. Franz,et al.  Practical , Dynamic Information-flow for Virtual Machines , 2005 .

[25]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[26]  David A. Schmidt,et al.  Automata-Based Confidentiality Monitoring , 2006, ASIAN.

[27]  Peng Li,et al.  Downgrading policies and relaxed noninterference , 2005, POPL '05.

[28]  François Pottier,et al.  Information flow inference for ML , 2002, POPL '02.

[29]  David Sands,et al.  On flow-sensitive security types , 2006, POPL '06.

[30]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[31]  Andy Podgurski,et al.  Using dynamic information flow analysis to detect attacks against applications , 2005, SESS@ICSE.

[32]  David Sands,et al.  Flow Locks: Towards a Core Calculus for Dynamic Flow Policies , 2006, ESOP.

[33]  Chris I. Dalton,et al.  Dynamic label binding at run-time , 2003, NSPW '03.

[34]  François Pottier A simple view of type-secure information flow in the /spl pi/-calculus , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[35]  Torben Amtoft,et al.  A logic for information flow in object-oriented programs , 2006, POPL '06.

[36]  Gregor Snelting,et al.  Information Flow Control for Java Based on Path Conditions in Dependence Graphs , 2006, ISSSE.

[37]  Andrew C. Myers,et al.  Dynamic Security Labels and Noninterference , 2004 .

[38]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[39]  Michael J. Flynn,et al.  Program counter , 2003 .

[40]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[41]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[42]  David Leon,et al.  Detecting and debugging insecure information flows , 2004, 15th International Symposium on Software Reliability Engineering.

[43]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..