Structure Matters - A New Approach for Data Flow Tracking

Usage control (UC) is concerned with how data may or may not be used after initial access has been granted. UC requirements are expressed in terms of data (e.g. a picture, a song) which exist within a system in forms of different technical representations (containers, e.g. files, memory locations, windows). A model combining UC enforcement with data flow tracking across containers has been proposed in the literature, but it exhibits a high false positives detection rate. In this paper we propose a refined approach for data flow tracking that mitigates this over approximation problem by leveraging information about the inherent structure of the data being tracked. We propose a formal model and show some exemplary instantiations.

[1]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[2]  Qing Zhang,et al.  Neon: system support for derived data management , 2010, VEE '10.

[3]  Heng Yin,et al.  Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.

[4]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[5]  Brian Demsky Cross-application data provenance and policy enforcement , 2011, TSEC.

[6]  Alexander Pretschner,et al.  Data usage control enforcement in distributed systems , 2013, CODASPY.

[7]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[8]  Frank Piessens,et al.  Security Monitor Inlining for Multithreaded Java , 2009, ECOOP.

[9]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[10]  Eddie Kohler,et al.  Information flow control for standard OS abstractions , 2007, SOSP.

[11]  Stephen McCamant,et al.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.

[12]  Anh Nguyen-Tuong,et al.  Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.

[13]  Antony I. T. Rowstron,et al.  Vigilante: End-to-end containment of Internet worm epidemics , 2006, TOCS.

[14]  Eddie Kohler,et al.  Making information flow explicit in HiStar , 2006, OSDI '06.

[15]  Alexander Pretschner,et al.  State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition , 2009, 2009 Third International Conference on Network and System Security.

[16]  Alexander Pretschner,et al.  Data Loss Prevention Based on Data-Driven Usage Control , 2012, 2012 IEEE 23rd International Symposium on Software Reliability Engineering.

[17]  Margo I. Seltzer,et al.  Layering in Provenance Systems , 2009, USENIX Annual Technical Conference.

[18]  Angelos D. Keromytis,et al.  libdft: practical dynamic data flow tracking for commodity systems , 2012, VEE '12.

[19]  Bruno Crispo,et al.  xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement , 2010, IFIPTM.

[20]  Bei Yu,et al.  TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).

[21]  Christian Schaefer,et al.  Usage Control Enforcement with Data Flow Tracking for X11 , 2009, STM 2009.

[22]  Alexander Pretschner,et al.  Representation-Independent Data Usage Control , 2011, DPM/SETOP.

[23]  Mário S. Alvim,et al.  When Not All Bits Are Equal: Worth-Based Information Flow , 2014, POST.