On-the-fly inlining of dynamic security monitors

How do we guarantee that a piece of code, possibly originating from third party, does not jeopardize the security of the underlying application? Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in su...

Bibliographic details
Published in: Computers & security, Volume 31; Issue 7; pp. 827 - 843
Main authors: Magazinius, Jonas, Russo, Alejandro, Sabelfeld, Andrei
Format: Journal Article
Language: English
Publication details: Amsterdam Elsevier Ltd 01.10.2012
Elsevier Sequoia S.A
ISSN:0167-4048, 1872-6208
Abstract How do we guarantee that a piece of code, possibly originating from third party, does not jeopardize the security of the underlying application? Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in such programs remains an open challenge. Recently, considerable progress has been made on understanding dynamic monitoring for secure information flow. This paper presents a framework for inlining dynamic information-flow monitors. A novel feature of our framework is the ability to perform inlining on the fly. We consider a source language that includes dynamic code evaluation of strings whose content might not be known until runtime. To secure this construct, our inlining is done on the fly, at the string evaluation time, and, just like conventional offline inlining, requires no modification of the hosting runtime environment. We present a formalization for a simple language to show that the inlined code is secure: it satisfies a non-interference property. We also discuss practical considerations and experimental results based on both manual and automatic code rewriting.
Author Russo, Alejandro
Magazinius, Jonas
Sabelfeld, Andrei
Author_xml – sequence: 1
  givenname: Jonas
  surname: Magazinius
  fullname: Magazinius, Jonas
– sequence: 2
  givenname: Alejandro
  surname: Russo
  fullname: Russo, Alejandro
– sequence: 3
  givenname: Andrei
  surname: Sabelfeld
  fullname: Sabelfeld, Andrei
  email: andrei@chalmers.se
BackLink https://research.chalmers.se/publication/148773$$DView record from Swedish Publication Index (Chalmers tekniska högskola)
CODEN CPSEDU
CitedBy_id crossref_primary_10_1093_comjnl_bxw022
crossref_primary_10_1016_j_cose_2017_04_001
crossref_primary_10_1016_j_infsof_2015_12_006
crossref_primary_10_1016_j_cose_2018_01_017
Cites_doi 10.1093/comjnl/17.2.143
10.1145/1281480.1281481
10.1007/s10207-004-0046-8
10.3233/JCS-1996-42-304
10.1023/A:1025055424017
10.1145/1111596.1111601
10.1145/359636.359712
10.1145/353323.353382
10.1145/363516.363520
10.1145/1046191.1032305
10.1109/JSAC.2002.806121
ContentType Journal Article
Copyright 2011 Elsevier Ltd
Copyright Elsevier Sequoia S.A. Oct 2012
Copyright_xml – notice: 2011 Elsevier Ltd
– notice: Copyright Elsevier Sequoia S.A. Oct 2012
DOI 10.1016/j.cose.2011.10.002
DatabaseName CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
ProQuest Criminal Justice (Alumni)
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
SwePub
SwePub Articles
SWEPUB Chalmers tekniska högskola
DatabaseTitle CrossRef
ProQuest Criminal Justice (Alumni)
Technology Research Database
Computer and Information Systems Abstracts – Academic
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
DatabaseTitleList

ProQuest Criminal Justice (Alumni)
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1872-6208
EndPage 843
ExternalDocumentID oai_research_chalmers_se_5084ab63_2e7a_4152_b8b7_c425bdaab1d1
2789641691
10_1016_j_cose_2011_10_002
S0167404811001180
Genre Feature
ISICitedReferencesCount 16
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000311021100004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0167-4048
IngestDate Wed Nov 05 04:20:05 EST 2025
Thu Nov 20 01:24:51 EST 2025
Sat Nov 29 05:55:39 EST 2025
Tue Nov 18 21:48:57 EST 2025
Fri Feb 23 02:20:18 EST 2024
IsPeerReviewed true
IsScholarly true
Issue 7
Keywords Non-interference
Information flow
Reference monitors
Language-based security
Inlining
Language English
License https://www.elsevier.com/tdm/userlicense/1.0
LinkModel OpenURL
PQID 1112233809
PQPubID 46289
PageCount 17
ParticipantIDs swepub_primary_oai_research_chalmers_se_5084ab63_2e7a_4152_b8b7_c425bdaab1d1
proquest_journals_1112233809
crossref_primary_10_1016_j_cose_2011_10_002
crossref_citationtrail_10_1016_j_cose_2011_10_002
elsevier_sciencedirect_doi_10_1016_j_cose_2011_10_002
PublicationCentury 2000
PublicationDate 2012-10-01
PublicationDateYYYYMMDD 2012-10-01
PublicationDate_xml – month: 10
  year: 2012
  text: 2012-10-01
  day: 01
PublicationDecade 2010
PublicationPlace Amsterdam
PublicationPlace_xml – name: Amsterdam
PublicationTitle Computers & security
PublicationYear 2012
Publisher Elsevier Ltd
Elsevier Sequoia S.A
Publisher_xml – name: Elsevier Ltd
– name: Elsevier Sequoia S.A
SourceID swepub
proquest
crossref
elsevier
SourceType Open Access Repository
Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 827
SubjectTerms Codes
Data integrity
Information
Information flow
Information management
Information sharing
Inlining
Language
Language-based security
Non-interference
Programming languages
Reference monitors
Security
Software
Studies
Title On-the-fly inlining of dynamic security monitors
URI https://dx.doi.org/10.1016/j.cose.2011.10.002
https://www.proquest.com/docview/1112233809
https://research.chalmers.se/publication/148773
Volume 31
WOSCitedRecordID wos000311021100004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  customDbUrl:
  eissn: 1872-6208
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0017688
  issn: 0167-4048
  databaseCode: AIEXJ
  dateStart: 19950101
  isFulltext: true
  titleUrlDefault: https://www.sciencedirect.com
  providerName: Elsevier
linkProvider Elsevier