On-the-Fly inlining of dynamic dependency monitors for secure information flow

Authors:
Luciano Bello;Eduardo Bonelli
Affiliations:
Si6 Labs - CITEDEF - Inst. de Investigac. Cient. y Técnicas para la Defensa, Argentina,ITBA - Instituto Tecnológico Buenos Aires, Argentina;ITBA - Instituto Tecnológico Buenos Aires, Argentina,CONICET - Consejo Nacional de Investigaciones Científicas y Técnicas, Argentina,UNQ - Univesidad Nacional de Quilmes, Argentina
Venue:
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Year:
2011

Citing 18
Cited 0

A sound type system for secure flow analysis

Journal of Computer Security
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
On flow-sensitive security types

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic Dependency Monitoring to Secure Information Flow

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Automaton-based Confidentiality Monitoring of Concurrent Programs

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Quantitative information flow as network flow capacity

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Staged information flow for javascript

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Efficient purely-dynamic information flow analysis

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Tight Enforcement of Information-Release Policies for Dynamic Languages

CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Efficient purely-dynamic information flow analysis

ACM SIGPLAN Notices
Analyzing Information Flow in JavaScript-Based Browser Extensions

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Automata-based confidentiality monitoring

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Permissive dynamic information flow analysis

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Dynamic vs. Static Flow-Sensitive Security Analysis

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Information Flow Monitor Inlining

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Provably correct runtime enforcement of non-interference properties

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
From dynamic to static and back: riding the roller coaster of information-flow control research

PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Information flow analysis (IFA) in the setting of programming languages is steadily veering towards the adoption of dynamic techniques. This is particularly attractive for scripting languages for web applications programming. A common manifestation of dynamic techniques is that of run-time monitors, which should block program execution in the presence of an insecure run. Significant efforts are still required before practical, scalable monitors for secure IFA of industrial scale languages such as JavaScript can be achieved. Such monitors ideally should compensate for the absence of the traces they do not track, should not require modifications of the VM and should provide a fair compromise between security and usability among other things. This paper discusses on-the-fly inlining of monitors that track dependencies as a prospective candidate.