Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine

Chandra, Deepak; Franz, Michael

doi:10.1109/acsac.2007.4413012

Cited by 9 publications

(33 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, a static analysis approach could be problematic in a browser setting, where the analysis might need to be re-run on each browser client before program execution [Vogt et al 2007]. Finally, dynamic analysis also allows for somewhat more flexibility in applying policies, and can allow us to hot-swap information flow policies [Chandra and Franz 2007].…”

Section: Introductionmentioning

confidence: 98%

Efficient purely-dynamic information flow analysis

Austin

Flanagan

2009

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security

159

200

View full text Add to dashboard Cite

We present a novel approach for efficiently tracking information flow in a dynamically-typed language such as JavaScript. Our approach is purely dynamic, and it detects problems with implicit paths via a dynamic check that avoids the need for an approximate static analyses while still guaranteeing non-interference. We incorporate this check into an efficient evaluation strategy based on sparse information labeling that leaves information flow labels implicit whenever possible, and introduces explicit labels only for values that migrate between security domains. We present experimental results showing that, on a range of small benchmark programs, sparse labeling provides a substantial (30%-50%) speed-up over universal labeling.

show abstract

Section: Introductionmentioning

confidence: 98%

Efficient purely-dynamic information flow analysis

Austin

Flanagan

2009

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security

159

200

View full text Add to dashboard Cite

show abstract

“…The non-interference property is proved in much richer context with constructs of pointers and mutable state, private fields and class-based visibility, dynamic binding and inheritance, casts and type tests, and mutually recursive classes and methods. Bernardeschi and et al [8] use type-based abstract interpretation (which is similar to bytecode verification) to prove information flow safety of Java bytecode. They, like Denning, handle implicit flows and make use of the immediate post-dominator relation to declassify the security label of the execution context.…”

Section: Related Workmentioning

confidence: 99%

Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing

Franz

2009

2009 Cybersecurity Applications &Amp; Technology Conference for Homeland Security

Self Cite

View full text Add to dashboard Cite

Many software systems in use today have enormous trusted computing bases (TCBs). We propose an architecture that makes it possible to shrink the TCB of many such systems. Our solution is based on a virtual-machine (VM) with added information-flow capabilities. In our architecture, all application programs run outside of the TCB under the control of the VM and cannot cause information leaks even if they try. We have implemented a prototype of this architecture and found that the resulting run-time overhead is much lower than expected. In many deployment contexts, it will be perfectly reasonable to make such a moderate performance sacrifice for the benefit of security.

show abstract

“…Chandra and Franz [3] propose to use a trusted multilevel security Java virtual machine (JVM). This special JVM is said to execute completely untrusted programs without the risk of producing invalid flows.…”

Section: Related Workmentioning

confidence: 99%

“…At run-time, the monitor records the execution trace 3 and it may require the computation of dynamic slices to deduce if flows to output channels are secure or not.…”

Section: Run-time Information Flow Monitoring Using Dynamic Slicesmentioning

confidence: 99%

“…Slices can be computed statically or dynamically. In static slicing, 3 We denote the execution trace of the program under the given inputs by the sequence n 1 , ..., nn of dependence graph nodes appended in the order in which the respective statements are executed. Initialization nodes are implicitly included at the beginning of all execution traces.…”

Section: Run-time Information Flow Monitoring Using Dynamic Slicesmentioning

confidence: 99%

See 1 more Smart Citation

Run-time Information Flow Monitoring based on Dynamic Dependence Graphs

Cavadini

Cheda²

2008

2008 Third International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Protecting sensitive information-credit card data, personal medical information, etc-is becoming an increasingly important issue due to ubiquity of computing systems. Traditionally, confidentiality of information is guaranteed by access control mechanisms, but there is a renewed interest in developing mechanisms that track how information flows during program execution.There are two established means to enforce information flow policies: static verification, and run-time or dynamic monitoring. Run-time monitoring is more flexible than static verification, since it permits running all programs and only reject unsecure executions; of course, the increased flexibility is mitigated by a degradation of runtime performance.This work presents two techniques for dynamic information flow monitoring. Unlike most of run-time monitors that rely on program rewriting techniques, these techniques use dynamic dependence graphs to track information flow at run-time. The proposed approaches scale to real languages and can cope with declassification annotations.

show abstract

Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine

Cited by 9 publications

References 0 publications

Efficient purely-dynamic information flow analysis

Efficient purely-dynamic information flow analysis

Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing

Run-time Information Flow Monitoring based on Dynamic Dependence Graphs

Contact Info

Product

Resources

About