CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Explicit Secrecy: A Policy for Taint Tracking

Daniel Schoepe (Institutionen för data- och informationsteknik, Datavetenskap, Algoritmer (Chalmers)) ; Musard Balliu (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; B. C. Pierce ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
1st IEEE European Symposium on Security and Privacy (Euro S&P), Saarbruecken, Germany, Mar 21-24, 2016 p. 15-30. (2016)
[Konferensbidrag, refereegranskat]

Taint tracking is a popular security mechanism for tracking data-flow dependencies, both in high-level languages and at the machine code level. But despite the many taint trackers in practical use, the question of what, exactly, tainting means-what security policy it embodies-remains largely unexplored. We propose explicit secrecy, a generic framework capturing the essence of explicit flows, i.e., the data flows tracked by tainting. The framework is semantic, generalizing previous syntactic approaches to formulating soundness criteria of tainting. We demonstrate the usefulness of the framework by instantiating it with both a simple high-level imperative language and an idealized RISC machine. To further understanding of what is achieved by taint tracking tools, both dynamic and static, we obtain soundness results with respect to explicit secrecy for the tainting engine cores of a collection of popular dynamic and static taint trackers.

Nyckelord: Computer Science, Theory & Methods, Engineering, Electrical & Electronic

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2016-11-25. Senast ändrad 2017-01-16.
CPL Pubid: 245647


Läs direkt!

Länk till annan sajt (kan kräva inloggning)