A Progress-Sensitive Flow-Sensitive Inlined Information-Flow Control Monitor
نویسندگان
چکیده
We present a novel progress-sensitive, flow-sensitive hybrid information-flow control monitor for an imperative interactive language. Progress-sensitive information-flow control is a strong information security guarantee which ensures that a program’s progress (or lack of) does not leak information. Flow-sensitivity means that this strong security guarantee is enforced fairly precisely: we track information flow according to the source of information and not to an a priori given variable security level. We illustrate our approach on an imperative interactive language. Our hybrid monitor is inlined: source programs are translated, by a type-based analysis, into a target language that supports dynamic security levels. A key benefit of this is that the resulting monitored program is amenable to standard optimization techniques such as partial evaluation.
منابع مشابه
A progress-sensitive flow-sensitive inlined information-flow control monitor (extended version)
We present a novel progress-sensitive, flow-sensitive hybrid information-flow control monitor for an imperative interactive language. Progress-sensitive information-flow control is a strong information security guarantee which ensures that a program’s progress (or lack of) does not leak information. Flow-sensitivity means that this strong security guarantee is enforced fairly precisely: our mon...
متن کاملA progress - sensitive ow - sensitive inlined information - ow control monitor
We present a novel progress-sensitive, ow-sensitive hybrid informationow control monitor for an imperative interactive language. Progress-sensitive informationow control is a strong information security guarantee which ensures that a program's progress (or lack of) does not leak information. Flow-sensitivity means that this strong security guarantee is enforced fairly precisely: we track inform...
متن کاملVerified and Optimized Inlined Reference Monitors
Current software stacks are built on top of unsafe languages such as C and C++. Software attacks sabotage program executions by inducing control flow transfers to shellcode or manipulating data pointers to read/write sensitive information. By embedding security checks into subject programs during compilation, many attacks can be foiled effectively. In this proposal, we investigate current softw...
متن کاملGlobal and Local Monitors to Enforce Noninterference in Concurrent Programs
Controlling confidential information in concurrentsystems is difficult, due to covert channels resulting from inter-action between threads. This problem is exacerbated if threadsshare resources at fine granularity.In this work, we propose a novel monitoring framework toenforce strong information security in concurrent programs. Ourmonitors are hybrid, combining dynamic a...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کامل