Towards a system-wide and transparent security mechanism using language-level information flow control

Authors:
Mohammad Reza Azadmanesh;Mohsen Sharifi
Affiliations:
Iran University of Science and Technology, Tehran, Iran;Iran University of Science and Technology, Tehran, Iran
Venue:
Proceedings of the 3rd international conference on Security of information and networks
Year:
2010

Citing 17
Cited 1

The SLam calculus: programming with secrecy and integrity

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fortresses built upon sand

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
A sound type system for secure flow analysis

Journal of Computer Security
Certification of programs for secure information flow

Communications of the ACM
Inside the Java Virtual Machine

Inside the Java Virtual Machine
Java Language Specification, Second Edition: The Java Series

Java Language Specification, Second Edition: The Java Series
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Secure Information Flow via Linear Continuations

Higher-Order and Symbolic Computation
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Mostly-static decentralized information flow control

Mostly-static decentralized information flow control
Introduction to Computer Security

Introduction to Computer Security
RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Dynamic Taint Propagation for Java

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)

SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
Information flow analysis and enforcement in java bytecode

Information flow analysis and enforcement in java bytecode
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

ShadowData: shadowing heap objects in Java

Proceedings of the 11th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Operating systems try to provide secure platforms using appropriate security mechanisms like DAC and MAC. In spite of this, information confidentiality is not totally provided when information flows in the program memory space. Programming language level security techniques have thus been introduced to provide secure information flow inside programs. Existing works on programming language level are problematic though because their information flow policies have not been integrated into the underlying system security policies. In this paper we propose a dynamic solution for tracking and enforcing information flow policies inside the Java framework that is integrated with a trusted operating system namely SELinux. Our solution focuses on internal structure of JVM, implicating no modification to Java programming language. Experimental results have shown a bearable runtime overhead on running programs.