A Virtual Machine Based Information Flow Control System for Policy Enforcement
نویسندگان
چکیده
The ability to enforce usage policies attached to data in a fine grained manner requires that the system be able to trace and control the flow of information within it. This paper presents the design and implementation of such an information flow control system, named Trishul, as a Java Virtual Machine. In particular we address the hard problem of tracing implicit information flow, which had not been resolved by previous run-time systems and the intricacies added on by the Java architecture. We argue that the security benefits offered by Trishul are substantial enough to counter-weigh the performance overhead of the system as shown by our experiments.
منابع مشابه
Trishul: A Policy Enforcement Architecture for Java Virtual Machines
The standard Java execution environment provides only primitive support for specifying and enforcing access control policies both at the stack and method call level as well as the higher application level. The current implementation also falls short of providing a secure execution environment for Java applications because of its inability to trace information flow within the environment. In thi...
متن کاملDesign and Implementation of a Virtual Machine Based Information Flow Control System
The ability to enforce usage policies attached to data in a fine grained manner requires that the system be able to trace and control the flow of information within it. This paper presents the design and implementation of such an information flow control system as a Java Virtual Machine, called Trishul. In particular we describe a novel way to address the hard problem of tracing implicit inform...
متن کاملFlow Based Interpretation of Access Control: Detection of Illegal Information Flows
In this paper, we introduce a formal property characterizing access control policies for which the interpretations of access control as mechanism over objects and as mechanism over information contained into objects are similar. This leads us to define both a flow based interpretation of access control policies and the information flows generated during the executions of a system implementing a...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملEnd-to-end Verification of Security Enforcement is Fine
Proving software free of security bugs is hard. Programming language support to ensure that programs correctly enforce their security policies would help, but, to date, no language has the ability to verify the enforcement of the kinds of policies used in practice— dynamic, stateful policies which address a broad range of concerns including forms of access control and information flow tracking....
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Electr. Notes Theor. Comput. Sci.
دوره 197 شماره
صفحات -
تاریخ انتشار 2008