Modern OSes such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. Tasks are often completed by stringing together a collection of purpose-specific user applications (e.g., a barcode reader, a social networking app, a document viewer). As users direct this workflow between applications, it is difficult to predict the consequence of each step. Poor selection may result in accidental information disclosure when the target application unknowingly uses cloud services. This paper presents Aquifer as a policy framework and system for preventing accidental information disclosure in modern operating systems. In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task. In doing so, Aquifer provides protection beyond simple permission checks and allows applications to retain control of data even after it is shared.