Automata-based confidentiality monitoring

Authors:
Gurvan Le Guernic;Anindya Banerjee;Thomas Jensen;David A. Schmidt
Affiliations:
IRISA, Rennes, France and Kansas State University, Manhattan, KS;Kansas State University, Manhattan, KS;IRISA, Rennes, France;Kansas State University, Manhattan, KS
Venue:
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Year:
2006

Citing 22
Cited 22

Natural semantics

4th Annual Symposium on Theoretical Aspects of Computer Sciences on STACS 87
Secure information flow in a multi-threaded imperative language

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A core calculus of dependency

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Information flow inference for free

ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
A sound type system for secure flow analysis

Journal of Computer Security
Information flow inference for ML

ACM Transactions on Programming Languages and Systems (TOPLAS)
A Per Model of Secure Information Flow in Sequential Programs

Higher-Order and Symbolic Computation
Partial Evaluation and Non-inference for Object Calculi

FLOPS '99 Proceedings of the 4th Fuji International Symposium on Functional and Logic Programming
Information transmission in computational systems

SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Foundations for the run-time analysis of software systems

Foundations for the run-time analysis of software systems
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Detecting and Debugging Insecure Information Flows

ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Stack-based access control and secure information flow

Journal of Functional Programming
Computability classes for enforcement mechanisms

ACM Transactions on Programming Languages and Systems (TOPLAS)
Certified In-lined Reference Monitoring on .NET

Proceedings of the 2006 workshop on Programming languages and analysis for security
Enforcing non-safety security policies with program monitors

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Secure slices of insecure programs

Proceedings of the 2008 ACM symposium on Information, computer and communications security
A library for light-weight information-flow security in haskell

Proceedings of the first ACM SIGPLAN symposium on Haskell
Securing information flow via dynamic capture of dependencies

Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Termination-Insensitive Noninterference Leaks More Than Just a Bit

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Efficient purely-dynamic information flow analysis

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
A language for information flow: dynamic tracking in multiple interdependent dimensions

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Information flow testing: the third path towards confidentiality guarantee

ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Tracking information flow in dynamic tree structures

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Permissive dynamic information flow analysis

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Restricted delegation and revocation in language-based security: (position paper)

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Information flow enforcement in monadic libraries

Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Engineering secure future internet services

The future internet
Multi-run security

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A multi-compositional enforcement on information flow security

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Multiple facets for dynamic information flow

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Limiting information leakage in event-based communication

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Capabilities for information flow

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
From dynamic to static and back: riding the roller coaster of information-flow control research

PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
On-the-Fly inlining of dynamic dependency monitors for secure information flow

FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Static enforcement of information flow policies for a concurrent JVM-like language

TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
A low-overhead, value-tracking approach to information flow security

SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Monitoring temporal information flow

ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Non-interference is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. In contrast to static checking of non-interference, this paper considers dynamic, automaton-based, monitoring of information flow for a single execution of a sequential program. The monitoring mechanism is based on a combination of dynamic and static analyses. During program execution, abstractions of program events are sent to the automaton, which uses the abstractions to track information flows and to control the execution by forbidding or editing dangerous actions. The mechanism proposed is proved to be sound, to preserve executions of well-typed programs (in the security type system of Volpano, Smith and Irvine), and to preserve some safe executions of ill-typed programs.