On-the-fly inlining of dynamic security monitors

How do we guarantee that a piece of code, possibly originating from third party, does not jeopardize the security of the underlying application? Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in su...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Computers & security Ročník 31; číslo 7; s. 827 - 843
Hlavní autoři: Magazinius, Jonas, Russo, Alejandro, Sabelfeld, Andrei
Médium: Journal Article
Jazyk:angličtina
Vydáno: Amsterdam Elsevier Ltd 01.10.2012
Elsevier Sequoia S.A
Témata:
Codes
Data integrity
Information
Information flow
Information management
Information sharing
Inlining
Language
Language-based security
Non-interference
Programming languages
Reference monitors
Security
Software
Studies
Non-interference
Information flow
Reference monitors
Language-based security
Inlining
ISSN:0167-4048, 1872-6208
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:How do we guarantee that a piece of code, possibly originating from third party, does not jeopardize the security of the underlying application? Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in such programs remains an open challenge. Recently, considerable progress has been made on understanding dynamic monitoring for secure information flow. This paper presents a framework for inlining dynamic information-flow monitors. A novel feature of our framework is the ability to perform inlining on the fly. We consider a source language that includes dynamic code evaluation of strings whose content might not be known until runtime. To secure this construct, our inlining is done on the fly, at the string evaluation time, and, just like conventional offline inlining, requires no modification of the hosting runtime environment. We present a forma!lization for a simple language to show that the inlined code is secure: it satisfies a non-interference property. We also discuss practical considerations experimental results based on both manual and automatic code rewriting.
Bibliografie:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2011.10.002