On-the-fly Inlining of Dynamic Security Monitors

Abstract : Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in such programs remains an open challenge. Recently, considerable progress has been made on understanding dynamic monitoring for secure information flow. This paper presents a framework for inlining dynamic information-flow monitors. A novel feature of our framework is the ability to perform inlining on the fly. We consider a source language that includes dynamic code evaluation of strings whose content might not be known until runtime. To secure this construct, our inlining is done on the fly, at the string evaluation time, and, just like conventional offline inlining, requires no modification of the hosting runtime environment. We present a formalization for a simple language to show that the inlined code is secure: it satisfies a noninterference property. We also discuss practical considerations and preliminary experimental results.
Type de document :
Communication dans un congrès
Kai Rannenberg; Vijay Varadharajan; Christian Weber. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. Springer, IFIP Advances in Information and Communication Technology, AICT-330, pp.173-186, 2010, Security and Privacy - Silver Linings in the Cloud. 〈10.1007/978-3-642-15257-3_16〉
Liste complète des métadonnées

Littérature citée [44 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01054519
Contributeur : Hal Ifip <>
Soumis le : jeudi 7 août 2014 - 11:54:37
Dernière modification le : vendredi 11 août 2017 - 11:12:39
Document(s) archivé(s) le : mercredi 26 novembre 2014 - 01:33:46

Fichier

15-Paper-197-On-the-fly_Inlini...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld. On-the-fly Inlining of Dynamic Security Monitors. Kai Rannenberg; Vijay Varadharajan; Christian Weber. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. Springer, IFIP Advances in Information and Communication Technology, AICT-330, pp.173-186, 2010, Security and Privacy - Silver Linings in the Cloud. 〈10.1007/978-3-642-15257-3_16〉. 〈hal-01054519〉

Partager

Métriques

Consultations de la notice

231

Téléchargements de fichiers

148