Transforming out Timing Leaks in Practice An Experiment in Implementing Programming Language-Based Methods for Con dentiality
نویسنده
چکیده
When it comes to granting mobile code access to conndential information , great care has to be taken if the code originates from an untrused source and the information is to remain conndential. If the program has access to the Internet during its execution, it has the possibility to leak information in many subtle ways, including through its temporal behaviour. This paper reports on practical experience from implementing a system that removes timing leaks from Java byte-code programs by transformation. We describe the problems we have encountered and the solutions we have made when we have adapted our previously developed transformation designed for a while-language (see Aga00]), to Java byte-code.
منابع مشابه
A method for assessing risk of disclosure in census microdata and tabular data
The area of con dentiality in personal databases is one which is currently of considerable interest. This paper concentrates on current research relating to measuring the risk of disclosure of information about individuals in census data, which the authors believe is directly applicable to other data sources, such as employer-employee databases. Various methods have been used in the past by cen...
متن کاملSecurity Models
Even if we limit ourselves to models of con dentiality, there are two related, but distinct, senses of the term security model in the computer security literature [McL90b]. In the more limited use of the term, a security model speci es a particular mechanism for enforcing con dentiality, called access control, which was brought over into computer security from the world of documents and safes. ...
متن کاملA Modal Logical Framework for Security Policies
It turns out that security becomes more and more important in many information systems. In this paper, we are more speci cally interested in con dentiality requirement. In this context, we show how knowledge representation techniques based on formal logic can be used to propose a faithful model of con dentiality. Our approach is to develop a modal logical framework which combines doxastic and d...
متن کاملClinical Supervision System: A Method for Improving Educational Performance of Nursing Personnel
Introduction: Employing supervision methods which focuses on educational aspects may increase the effectiveness of nursing personnel's educational activities, especially patient education. The aim of this study was to investigate the effect of clinical supervision on the effectiveness of nurses' educational performance. Methods: This quasi-experimental study was conducted using static groups' ...
متن کاملConcurrency, Synchronization, and Scheduling to Support High-Assurance Write-Up in Multilevel Object-Based Computing
We discuss concurrency, synchronization, and scheduling issues that arise with the support of high-assurance RPC-based (synchronous) write-up actions in multilevel object-based environments. Such environments are characterized by objects classi ed at varying security levels (called classi cations) and accessed by subjects with varying security clearances. A write-up action occurs when a low lev...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007