Garm: cross application data provenance and policy enforcement
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
Cross-application data provenance and policy enforcement
ACM Transactions on Information and System Security (TISSEC)
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Content-based isolation: rethinking isolation policy design on client systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications, any malcode present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations indicate that common applications often adhere to recognizable workflows on user data. In this paper, we take advantage of this reality by developing protection mechanisms that "pin'' user files to the applications that may use them. These mechanisms restrict access to user data to explicitly stated workflows--thus preventing malcode from exploiting user data not associated with that application. We describe our implementation of PinUP on the Linux Security Modules framework, explore its performance, and study several practical use cases. Through these activities, we show that user data can be protected from untrusted applications while retaining the ability to receive the benefits of those applications.