A lattice model of secure information flow

Denning, Dorothy E.

doi:10.1145/360051.360056

Cited by 1,452 publications

(773 citation statements)

References 11 publications

Supporting

Mentioning

768

Contrasting

Unclassified

Order By: Relevance

“…For instance, dynamic taint analysis (DTA) is used by many projects [32,[51][52][53], and is a able to detect control hijacking and code-injection attacks, but incurs large slowdowns (e.g., frequently 20x or more). Due to their large overhead, dynamic solutions are mostly used for the analysis of attacks and malware [54], and in honeypots [55].…”

Section: Related Workmentioning

confidence: 99%

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Portokalidis

Keromytis

2011

Advances in Information Security

View full text Add to dashboard Cite

Abstract. Instruction-set randomization (ISR) obfuscates the "language" understood by a system to protect against code-injection attacks by presenting an ever-changing target. ISR was originally motivated by code injection through buffer overflow vulnerabilities. However, Stuxnet demonstrated that attackers can exploit other vectors to place malicious binaries into a victim's filesystem and successfully launch them, bypassing most mechanisms proposed to counter buffer overflows. We propose the holistic adoption of ISR across the software stack, preventing the execution of unauthorized binaries and scripts regardless of their origin. Our approach requires that programs be randomized with different keys during a user-controlled installation, effectively combining the benefits of code whitelisting/signing and runtime program integrity. We discuss how an ISR-enabled environment for binaries can be implemented with little overhead in hardware, and show that higher-overhead softwareonly alternatives are possible. We use Perl and SQL to demonstrate the application of ISR in scripting environments with negligible overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Portokalidis

Keromytis

2011

Advances in Information Security

View full text Add to dashboard Cite

show abstract

“…Following Denning [9] we divide information flows into two classes: direct and indirect. Indirect flows are just the transitive flows (a flow from x to y followed by a flow from y to z implies a flow from x to z).…”

Section: Information Flowmentioning

confidence: 99%

Program Analysis Probably Counts

Pierro¹,

Hankin²,

Wiklicky³

2009

The Computer Journal

View full text Add to dashboard Cite

Abstract. Semantics-based program analysis uses an abstract semantics of programs/systems to statically determine run-time properties. Classic examples from compiler technology include analyses to support constant propagation and constant folding transformations and estimation of pointer values to prevent buffer overruns. More recent examples include the estimation of information flows (to enforce security constraints) and estimation of non-functional properties such as timing (to determine worst case execution times in hard real-time applications). The classical approaches are based on semantics involving discrete mathematics. Paralleling trends in model-checking, there have been recent moves towards using probabilistic and quantitative methods in program analysis. In this paper we will start by reviewing both classical and probabilistic/quantitative approaches to program analysis. We will provide a comparison of the two approaches. We will use a simple information flow analysis to exemplify the classical approach. The existence of covert information flows through timing channels are difficult to detect using classical techniques; we show how such problems can be addressed using probabilistic techniques.

show abstract

“…Our authorization framework can also be employed for implementing lattice-based access control (LBAC) policies [24]. LBAC has specifically been used in military, but sometimes LBAC has also been implemented in large enterprises [25].…”

Section: Implementing Lattice-based Access Control Policiesmentioning

confidence: 99%

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

Sohr

Mustafa

Bao

et al. 2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints. Using this system, we also demonstrate how the authorization constraints can be specified in OCL and then be implemented by USE.

show abstract

A lattice model of secure information flow

Cited by 1,452 publications

References 11 publications

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Program Analysis Probably Counts

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

Contact Info

Product

Resources

About