CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

On Dynamic Flow-Sensitive Floating-Label Systems

Pablo Buiras (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Deian Stefan ; Alejandro Russo (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
27th IEEE Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19-22 July 2014 (1063-6900). Vol. 2014-January (2014), p. 65-79.
[Konferensbidrag, refereegranskat]

Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of the IFC monitor, by rejecting fewer programs, and to reduce the burden of explicit label annotations. However, when added naively, in a purely dynamic setting, mutable labels can expose a high bandwidth covert channel. In this work, we present an extension for LIO—a language-based floating-label system— that safely handles flow-sensitive references. The key insight to safely manipulating the label of a reference is to not only consider the label on the data stored in the reference, i.e., the reference label, but also the label on the reference label itself. Taking this into consideration, we provide an upgrade primitive that can be used to change the label of a reference in a safe manner. To eliminate the burden of determining when a reference should be upgraded, we additionally provide a mechanism for automatic upgrades. Our approach naturally extends to a concurrent setting, not previously considered by dynamic flow-sensitive systems. For both our sequential and concurrent calculi, we prove non-interference by embedding the flow-sensitive system into the flow-insensitive LIO calculus, a surprising result on its own.

Nyckelord: information-flow control, flow sensitivity, dynamic enforcement, floating label, language-based security

Article number 6957103
Pdf also available at: http://www.cse.chalmers.se/~russo/publications_files/csf2014.pdf

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2014-12-11. Senast ändrad 2016-11-02.
CPL Pubid: 207934


Läs direkt!

Länk till annan sajt (kan kräva inloggning)