On-the-fly inlining of dynamic security monitors

Magazinius, Jonas; Russo, Alejandro; Sabelfeld, Andrei

doi:10.1016/j.cose.2011.10.002

Cited by 26 publications

(18 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The inlined code manipulates shadow variables to keep track of the security labels of the program's variables. Inlining information-flow security monitors have been explored for simple languages [9], [14], [39] without the heap. This approach has been pushed in the direction of JavaScript [48] targeting a large language subset including the scope chain, the heap and prototypical inheritance as well as closures.…”

Section: Related Workmentioning

confidence: 99%

Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language

Hedin

Bello

Sabelfeld

2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

Secure integration of third-party code is one of the prime challenges for securing today's web. Recent empirical studies give evidence of pervasive reliance on and excessive trust in third-party JavaScript, with no adequate security mechanism to limit the trust or the extent of its abuse. Information flow control is a promising approach for controlling the behavior of third-party code and enforcing confidentiality and integrity policies. While much progress has been made on static and dynamic approaches to information flow control, only recently their combinations have received attention. Purely static analysis falls short of addressing dynamic language features such as dynamic objects and dynamic code evaluation, while purely dynamic analysis suffers from inability to predict side effects in non-performed executions. This paper develops a value-sensitive hybrid mechanism for tracking information flow in a JavaScriptlike language. The mechanism consists of a dynamic monitor empowered to invoke a static component on the fly. This enables us to achieve a sound yet permissive enforcement. We establish formal soundness results with respect to the security policy of noninterference. In addition, we demonstrate permissiveness by proving that we subsume the precision of purely static analysis and by presenting a collection of common programming patterns that indicate that our mechanism has potential to provide more permissiveness than dynamic mechanisms in practice.

show abstract

Section: Related Workmentioning

confidence: 99%

Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language

Hedin

Bello

Sabelfeld

2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…We assume that a monitor based on security levels (for example, a purely dynamic monitor), is inlined in the program following the inlining technique simultaneously proposed by Chudnov and Naumann [10] and Russo and Sabelfeld [19]. Here, a program c is transformed into a program c, where each variable x has a shadow variable x representing the security label of x.…”

Section: A Hybrid Monitor Reusing An Inlined Monitormentioning

confidence: 99%

Hybrid Monitoring of Attacker Knowledge

Besson

Bielova

Jensen

2016

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Enforcement of noninterference requires proving that an attacker's knowledge about the initial state remains the same after observing a program's public output. We propose a hybrid monitoring mechanism which dynamically evaluates the knowledge that is contained in program variables. To get a precise estimate of the knowledge, the monitor statically analyses non-executed branches. We show that our knowledgebased monitor can be combined with existing dynamic monitors for non-interference. A distinguishing feature of such a combination is that the combined monitor is provably more permissive than each mechanism taken separately. We demonstrate this by proposing a knowledge-enhanced version of a no-sensitive-upgrade (NSU) monitor. The monitor and its static analysis have been formalized and proved correct within the Coq proof assistant.

show abstract

“…Magazinius et al [18] investigate sound inlining of security monitors for an imperative language supporting dynamic code evaluation but no references. Their monitor is purely dynamic since it uses a no-sensitive upgrade policy as in Austin and Flanagan [11].…”

Section: Related Workmentioning

confidence: 99%

Program Transformation for Non-interference Verification on Programs with Pointers

Assaf¹,

Signoles²,

Tronel

et al. 2013

Security and Privacy Protection in Information Processing Systems

View full text Add to dashboard Cite

Part 4: Software SecurityInternational audienceNovel approaches for dynamic information flow monitoring are promising since they enable permissive (accepting a large subset of executions) yet sound (rejecting all insecure executions) enforcement of non-interference. In this paper, we present a dynamic information flow monitor for a language supporting pointers. Our flow-sensitive monitor relies on prior static analysis in order to soundly enforce non-interference. We also propose a program transformation that preserves the behavior of initial programs and soundly inlines our security monitor. This program transformation enables both dynamic and static verification of non-interference

show abstract

On-the-fly inlining of dynamic security monitors

Cited by 26 publications

References 27 publications

Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language

Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language

Hybrid Monitoring of Attacker Knowledge

Program Transformation for Non-interference Verification on Programs with Pointers

Contact Info

Product

Resources

About