A type system for data-flow integrity on windows Vista

PLAS'08: Proceedings of the ACM SIGPLAN 3rd Workshop on Programming Languages and Analysis for Security

Volumn , Issue , 2008, Pages 89-100

  Chaudhuri, Avik ^a   Naldurg, Prasad ^b   Rajamani, Sriram ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

Data flow integrity; Dynamic access control; Explicit substitution; Hybrid type system

Indexed keywords

DATA-FLOW INTEGRITY; DYNAMIC ACCESS CONTROL; EXPLICIT SUBSTITUTION; HYBRID TYPE SYSTEM; INTERESTING MODELS; OPERATING SYSTEMS; RUNTIME ACCESSES; TYPE SYSTEMS; TYPECHECKING; WINDOWS VISTAS;

ACCESS CONTROL; CODES (SYMBOLS); COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE; COMPUTERS; DATA FLOW ANALYSIS; LINGUISTICS; QUALITY ASSURANCE; SECURITY OF DATA; TECHNICAL PRESENTATIONS; WINDOWS;

WINDOWS OPERATING SYSTEM;

EID: 57349156632     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1375696.1375708     Document Type: Conference Paper

References (60)

1. M. Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749-786, 1999.
2. M. Abadi, A. Banerjee, N. Heintze, and J. G. Riecke. A core calculus of dependency. In POPL '99: Principles of Programming Languages, pages 147-160. ACM, 1999.
3. M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. In POPL '02: Principles of Programming Languages, pages 33-44. ACM, 2002.
4. M. Abadi, L. Cardelli, P.-L. Curien, and J.-J. Levy. Explicit substitutions. In POPL '90: Principles of Programming Languages, pages 31-46. ACM, 1990.
5. M. Abadi and C. Foumet. Mobile values, new names, and secure communication. In POPL'01: Principles of Programming Languages, pages 104-115. ACM, 2001.
6. M. Abadi, B. Lampson, and J.-J. Lévy. Analysis and caching of dependencies. In ICFP '96: International Conference on Functional Programming, pages 83-91. ACM, 1996.
7. B. Alpem and F. B. Schneider. Defining liveness. Information Processing Letters, 21(5):181-185, 1985.
8. A. Banerjee and D. Naumann. Using access control for secure information flow in a Java-like language. In CSFW'03: Computer Security Foundations Workshop, pages 155-169. IEEE, 2003.
9. K. J. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, MITRE Corporation, 1977.
10. G. Boudol and I. Castellani. Noninterference for concurrent programs and thread systems. Theoretical Computer Science, 281(1-2):109-130, 2002.
11. L. Cardelli, G. Ghelli, and A. D. Gordon. Secrecy and group creation. Information and Computation, 196(2):127-155, 2005.
12. M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In OSDI'06: Operating Systems Design and Implementation, pages 147-160. USENIX, 2006.
13. A. Chaudhuri. Dynamic access control in a concurrent object calculus. In CONCUR'06: Concurrency Theory, pages 263-278. Springer, 2006.
14. A. Chaudhuri and M. Abadi. Secrecy by typing and file-access control. In CSFW'06: Computer Security Foundations Workshop, pages 112-123. IEEE, 2006.
15. A. Chaudhuri, P. Naldurg, and S. Rajamani. A type system for dataflow integrity on Windows Vista. Technical Report TR-2007-86, Microsoft Research, 2007. Also available as an arXiv e-print at http://arxiv.org/abs/0803.3230.
16. D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In SP '87: Symposium on Security and Privacy, pages 184-194. IEEE, 1987.
17. J. Clause, W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In ISSTA'07: International Symposium on Software Testing and Analysis, pages 196-206. ACM, 2007.
18. M. Conover. Analysis of the Windows Vista security model. Available at www.Symantec.com/avcenter/reference/Windows-Vista-Security-Model-Analysis.pdf.
19. D. E. Demiing and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504-513, 1977.
20. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In SOSP'05: Symposium on Operating Systems Principles, pages 17-30. ACM, 2005.
21. M. Felleisen. The theory and practice of first-class prompts. In POPL'88: Principles of Programming Languages, pages 180-190. ACM, 1988.
22. C. Flanagan. Hybrid type checking. In POPL'06: Principles of Programming Languages, pages 245-256. ACM, 2006.
23. C. Fournet, A. D. Gordon, and S. Maffeis. A type discipline for authorization policies. In ESOP '05: European Symposium on Programming, pages 141-156. Springer, 2005.
24. J. A. Goguen and J. Meseguer. Security policies and security models. In SP'82: Symposium on Security and Privacy, pages 11-20. IEEE, 1982.
25. A. D. Gordon and P. D. Hankin. A concurrent object calculus: Reduction and typing. In HLCL'98: High-Level Concurrent Languages, pages 248-264. Elsevier, 1998.
26. A. D. Gordon and A. Jeffrey. Typing correspondence assertions for communication protocols. Theoretical Computer Science, 300(1-3):379-409, 2003.
27. A. D. Gordon and A. Jeffrey. Secrecy despite compromise: Types, cryptography, and the pi-calculus. In CONCUR '05: Concurrency Theory, pages 186-201. Springer, 2005.
28. M. Hennessy, J. Rathke, and N. Yoshida. SafeDpi: A language for controlling mobile code. Acta Informatica, 42(4-5):227-290, 2005.
29. M. Hennessy and J. Riely. Information flow vs. resource access in the asynchronous pi-calculus. ACM Transactions on Programming Languages and Systems, 24(5):566-591, 2002.
30. K. Honda and N. Yoshida. A uniform type structure for secure information flow. In POPL'02: Principles of Programming Languages, pages 81-92. ACM, 2002.
31. D. Hoshina, E. Sumii, and A. Yonezawa. A typed process calculus for fine-grained resource access control in distributed computation. In TACS'01: Theoretical Aspects of Computer Software, pages 64-81. Springer, 2001.
32. M. Howard and D. LeBlanc. Writing Secure Code for Windows Vista. Microsoft Press, 2007.
33. N. Kobayashi. Type-based information flow analysis for the pi-calculus. Acta Informatica, 42(4-5):291-347, 2005.
34. L. Lamport. Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering, 3(2):125-143, 1977.
35. B. W. Lampson. Protection. ACM Operating Systems Review, 8(l):18-24, Jan 1974.
36. J.-J. Lévy. Reductions correctes et optimales dans le lambda-calcul. PhD thesis, Université Paris 7, 1978.
37. P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In POPL '05: Principles of Programming Languages, pages 158-170. ACM, 2005.
38. L.Wall, T.Christiansen, and R.Schwartz. Programming Perl. O'Reilly, 1996.
39. A. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing robust declassification. In CSFW'04: Computer Security Foundations Workshop, pages 172-186. IEEE, 2004.
40. G. C. Necula. Proof-carrying code. In POPL'97: Principles of Programming Languages, pages 106-119. ACM, 1997.
41. M. Pistoia, A. Banerjee, and D. A. Naumann. Beyond stack inspection: A unified access-control and information-flow security model. In SP'07: Symposium on Security and Privacy, pages 149-163. IEEE, 2007.
42. F. Pottier and S. Conchon. Information flow inference for free. In ICFP'00: International Conference on Functional Programming, pages 46-57. ACM, 2000.
43. F. Pottier, C. Skalka, and S. Smith. A systematic approach to static access control. ACM Transactions on Programming Languages and Systems, 27(2):344-382, 2005.
44. M. Russinovich, Inside Windows Vista User Access Control. Microsoft Technet Magazine, June 2007. Available at http://www.microsoft.com/ technet/technetmag/issues/2007/06/UAC/.
45. A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, 2003.
46. U. Shankar, T. Jaeger, and R. Sailer. Toward automated information-flow integrity verification for security-critical applications. In NDSS '06: Network and Distributed System Security Symposium. ISOC, 2006.
47. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In ASPLOS'04: Architectural Support for Programming Languages and Operating Systems, pages 85-96. ACM, 2004.
48. S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. In SP'04: Symposium on Security and Privacy, pages 179-193. IEEE, 2004.
49. P. Vogt, F. Nentwich, N. Jovanovic, C. Kruegel, E. Kirda, and G. Vigna. Cross site scripting prevention with dynamic data tainting and static analysis. In NDSS'07: Network and Distributed System Security Symposium. ISOC, 2007.
50. D. Volpano, C. Irvine, and G. Smith. A sound type system for secure flow analysis. Journal of Computer Security, 4(2-3): 167-187, 1996.
51. P. Wadler and R. B. Findler. Well-typed programs can't be blamed. In Scheme'07: Scheme and Functional Programming, 2007.
52. Windows Vista TechCenter. Understanding and configuring User Account Control in Windows Vista. Available at http://technet.microsoft.com/en-us/ windowsvista/ aa905117.aspx.
53. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. In CCS'07: Computer and Communications Security, pages 116-127. ACM, 2007.
54. N. Yoshida. Channel dependent types for higher-order mobile processes. In POPL'04: Principles of Programming Languages, pages 147-160. ACM, 2004.
55. S. Zdancewic and A. C. Myers. Robust declassification. In CSFW'01: Computer Security Foundations Workshop, pages 5-16. IEEE, 2001.
56. S. Zdancewic and A. C. Myers. Secure information flow via linear continuations. Higher Order and Symbolic Computation, 15(2/3):209-234, 2002.
57. S. Zdancewic and A. C. Myers. Observational determinism for concurrent program security. In CSFW'03: Computer Security Foundations Workshop, pages 29-43. IEEE, 2003.
58. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In OSDI'06: Operating Systems Design and Implementation, pages 19-19. USENIX, 2006.
59. L. Zheng. Personal communication, July 2007.
60. L. Zheng and A. Myers. Dynamic security labels and noninterference. In FAST'04: Formal Aspects in Security and Trust, pages 27-40. Springer, 2004.