Preventing information leaks through shadow executions

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 322-331

  Capizzi, Roberto ^a   Longo, Antonio ^a   Venkatakrishnan, V N ^b   Sistla, A Prasad ^b  

^a POLITECNICO DI MILANO   (Italy)

^b UNIVERSITY OF ILLINOIS AT CHICAGO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY SYSTEMS; SOFTWARE PROTOTYPING;

DESKTOP APPLICATIONS; END USERS; EXTERNAL NETWORKS; PERSONAL INFORMATIONS; PROTOTYPE IMPLEMENTATIONS; SOFTWARE VERSIONS; WINDOWS APPLICATIONS;

COMPUTER APPLICATIONS;

EID: 60649120947     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.50     Document Type: Conference Paper

References (28)

1. G. Barthe, P. D'Argenio, and T. Rezk. Secure information flow by self-composition. In Proc. IEEE Computer Security Foundations Workshop, 2004.
2. L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008.
3. A. Darvas, R. Hähnle, and D. Sands. A theorem proving approach to analysis of secure information flow. In Proc. 2nd International Conference on Security in Pervasive Computing, 2005.
4. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In USENIX Annual Technical Conference, Berkeley, CA, USA, 2007.
5. J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, pages 11-20, Apr. 1982.
6. G. Hunt and D. Brubacher. Detours: binary interception of win32 functions. In USENIX Windows NT Symposium, Berkeley, CA, USA, 1999.
7. InnoTek. VirtualBox Documentation available at http://www.virtualbox. org/. http://www.virtualbox.org.
8. R. Joshi and K. R. M. Leino. A semantic approach to secure information flow. Science of Computer Programming, 37(1-3):113-138, 2000.
9. T. Khatiwala, R. Swaminathan, and V. N. Venkatakrishnan. Data sandboxing: A technique for enforcing confidentiality policies. In ACSAC, Miami Beach, Dec. 2006.
10. Load time analyzer: A Firefox add-on. Available at https://addons.mozilla.org/en-US/firefox/addon/3371.
11. MSDN. Hooks Documentation available at http://msdn2.microsoft.com/en- us/library/ms632589.aspx. http://msdn.microsoft.com.
12. A. C. Myers. JFlow: Practical mostly-static information flow control. In ACM Symposium on Principles of Programming Languages (POPL), Jan. 1999.
13. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Network and Distributed Systems Security, 2005.
14. F. Pottier and V. Simonet. Information flow inference for ml. In ACM Symposium on Principles of Programming Languages (POPL), 2002.
15. T. Richardson, Q. Stafford-Fraser, K. R. Wood, and A. Hopper. Virtual network computing. IEEE Internet Computing, 2(1):33-38, 1998.
16. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1), Jan. 2003.
17. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In Architectural Support for Programming Languages and Operating Systems, 2004.
18. T. Terauchi and A. Aiken. Secure information flow as a safety problem. In Static Analysis Symposium (SAS), 2005.
19. TightVNC. Available at http://www.tightvnc.org.
20. S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. In IEEE Symposium on Security and Privacy., 2004.
21. V.N. Venkatakrishnan, W. Xu, D. C. DuVarney, and R. Sekar. Provably correct runtime enforcement of non-interference properties. In ICICS Raleigh, NC, November 2006.
22. L. Wall, T. Christiansen, and R. Schwartz. Programming Perl. O'Reilly, 1996.
23. H. Wang, S. Jha, and V. Ganapathy. Netspy: Automatic generation of spyware signatures for NIDS. In ACSA Computer Applications Security Conference, Dec. 2006.
24. WireShark: a network protocol analyzer. Available at http://www.wireshark.org/docs.
25. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security Symposium, 2006.
26. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. In ACM Conference on Computer and Comm. Security, Alexandra, Oct 2007.
27. A. R. Yumerefendi, B. Mickle, and L. P. Cox. Tightlip: Keeping applications from spilling the beans. In NSDI. USENIX, 2007.
28. L. Zheng and A. Myers. Dynamic security labels and noninterference. In Workshop on Formal Aspects in Security and Trust (FAST), 2004.