IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A lattice model of secure information flow
Communications of the ACM
Remus: a security-enhanced operating system
ACM Transactions on Information and System Security (TISSEC)
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
BlueBoX: A policy-driven, host-based intrusion detection system
ACM Transactions on Information and System Security (TISSEC)
Noninterference and Intrusion Detection
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Anomaly intrusion detection in dynamic execution environments
Proceedings of the 2002 workshop on New security paradigms
Janus: an Approach for Confinement of Untrusted Applications
Janus: an Approach for Confinement of Untrusted Applications
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
| Hi-index | 0.00 |
This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.