Runtime verification using policy-based approach to control information flow
International Journal of Security and Networks
Hi-index | 0.00 |
Protecting sensitive information —credit card data, personal medical information, etc— is becoming an increasingly important issue due to ubiquity of computing systems. Traditionally, confidentiality of information is guaranteed by access control mechanisms, but there is a renewed interest in developing mechanisms that track how information flows during program execution. There are two established means to enforce information flow policies: static verification, and run-time or dynamic monitoring. Run-time monitoring is more flexible than static verification, since it permits running all programs and only reject unsecure executions; of course, the increased flexibility is mitigated by a degradation of run-time performance. This work presents two techniques for dynamic information flow monitoring. Unlike most of run-time monitors that rely on program rewriting techniques, these techniques use dynamic dependence graphs to track information flow at run-time. The proposed approaches scale to real languages and can cope with declassification annotations.