A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Dynamo: a transparent dynamic optimization system
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
The enforcement of security policies for computation
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Using Memory Errors to Attack a Virtual Machine
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Assembly to High-Level Language Translation
ICSM '98 Proceedings of the International Conference on Software Maintenance
An Information Flow Tool for Gypsy
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Information Flow Analysis of Component-Structured Applications
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
A Virtual Machine Based Information Flow Control System for Policy Enforcement
Electronic Notes in Theoretical Computer Science (ENTCS)
Securing information flow via dynamic capture of dependencies
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Proceedings of the 2008 workshop on New security paradigms
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Dynamic information flow control architecture for web applications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Detecting control flow in smarphones: combining static and dynamic analyses
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Runtime verification using policy-based approach to control information flow
International Journal of Security and Networks
| Hi-index | 0.00 |
Information flow control allows enforcement of end-to-end confidentiality policies but has been difficult to put in practice. This paper introduces a pragmatic new approach for tracking information flow while the process is running at the same time applying dynamic label binding. The underlying implementation mechanism uses machine code instruction stream modification to track individual data movements and manipulations within the address space of an application. This gives the ability to precisely determine all information flow causing operations and apply controls that do not overly restrict what computations can be performed.