Measuring channel capacity to distinguish undue influence

PLAS'09 - Proceedings of the ACM SIGPLAN 4th Workshop on Programming Languages and Analysis for Security

Volumn , Issue , 2009, Pages 73-85

  Newsome, James ^a   Mccamant, Stephen ^b   Song, Dawn ^b  

^a BOSCH RESEARCH AND TECHNOLOGY CENTER   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Channel capacity; Model counting; Quantitative information flow

Indexed keywords

COMMODITY SOFTWARE; CONTROL VALUES; CONTROL-FLOW; DECISION PROCEDURE; FALSE NEGATIVE ERRORS; FALSE POSITIVE; FUNCTION POINTERS; MEASURING CHANNEL; MEASURING TECHNIQUE; NETWORK SERVER; PRACTICAL IMPLEMENTATION; PROBABILISTIC BOUNDS; QUANTITATIVE INFORMATION; QUANTITATIVE INFORMATION FLOW; QUANTITATIVE MEASURES; SAT SOLVERS; SECURITY APPLICATION; SQL SLAMMER;

COMPUTER SOFTWARE; COMPUTER SYSTEM FIREWALLS; COMPUTER WORMS; DYNAMIC ANALYSIS; ERRORS; LINGUISTICS; NETWORK SECURITY; PROBABILITY DISTRIBUTIONS; PROBLEM ORIENTED LANGUAGES; REFINING; SERVERS;

CHANNEL CAPACITY;

EID: 70450252184     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1554339.1554349     Document Type: Conference Paper

References (34)

1. M. Backes, B. Köpf, and A. Rybalchenko. Automatic discovery and quantification of information leaks. In Proceedings of the 2009 IEEE Symposium on Security and Privacy, May 2009.
2. K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, The Mitre Corporation, Apr. 1977.
3. BitBlaze project. http://bitblaze.cs.berkeley.edu/.
4. D. Brumley, J. Caballero, Z. Liang, J. Newsome, and D. Song. Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In Proceedings of USENIX Security Symposium, Aug. 2007.
5. M. Castro, M. Costa, and J.-P. Martin. Better bug reporting with better privacy. In 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 319-328, Mar. 2008.
6. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In USENIX Security Symposium, August 2004.
7. D. Clark, S. Hunt, and P. Malacaria. Quantitative analysis of the leakage of confidential data. In Proceedings of Quantitative Aspects of Programming Languages, 2001.
8. D. Clark, S. Hunt, and P. Malacaria. Quantified interference for a while language. In Proceedings of Quantitative Aspects of Programming Languages, 2004.
9. M. R. Clarkson, A. C. Myers, and F. B. Schneider. Belief in information flow. In 18th IEEE Computer Security Foundations Workshop, pages 31-45, June 2005.
10. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of internet worms. In 20th ACM Symposium on Operating System Principles (SOSP), 2005.
11. . R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. In Proceedings of the International Symposium on Microarchitecture, December 2004.
12. J. R. Crandall, F. T. Chong, and S. F. Wu. Minos: Architectural support for protecting control data. Transactions on Architecture and Code Optimization (TACO), 3(4), Dec. 2006.
13. D. E. Denning. Cryptography and Data Security. Addison- Wesley Publishing Company, Inc., 1982.
14. E. Dijkstra. A Discipline of Programming. Prentice Hall, Englewood Cliffs, NJ, 1976.
15. S. Dorai-Raj and S. Graves. Adjusting likelihood ratio confidence intervals for parameters near boundaries applied to the binomial. In Joint Statistical Meeting (JSM), Aug. 2006.
16. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In Proceedings of USENIX Annual Technical Conference, June 2007.
17. V. Ganesh and D. Dill. A decision procedure for bitvectors and arrays. In Proceedings of the 19th International Conference on Computer Aided Verification, 2007.
18. C. P. Gomes, A. Sabharwal, and B. Selman. Model counting: A new strategy for obtaining good bounds. In 21st AAAI Conference on Artificial Intelligence, 2006.
19. J. W. Gray III. Toward a mathematical foundation for information flow security. In Proceedings of the 1991 IEEE Symposium on Security and Privacy, 1991.
20. P. Malacaria. Assessing security threats of looping constructs. In Symposium on Principles of Programming Languages (POPL 2007), 2007.
21. P. Malacaria and H. Chen. Lagrange multipliers and maximum information leakage in different observational models. In Workshop on Programming Languages and Analysis for Security, pages 135-146, June 2008.
22. S. McCamant and M. D. Ernst. Quantitative information flow as network flow capacity. In Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, 2008.
23. J. K. Millen. Covert channel capacity. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, 1987.
24. J. Newsome, D. Brumley, J. Franklin, and D. Song. Replayer: Automatic protocol replay by binary analysis. In Proceedings of the 13th ACM Conference on Computer and and Communications Security (CCS), Oct. 2006.
25. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), Feb. 2005.
26. G. Portokalidis, A. Slowinska, and H. Bos. Argos: an emulator for fingerprinting zero-day attacks. In Proceedings of the First European Conference on Systems (EuroSys), Apr. 2006.
27. A. Sabelfeld and A. C. Myers. Language-based informationflow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, Jan. 2003.
28. P. Saxena, P. Poosankam, S. McCamant, and D. Song. Loop-extended symbolic execution on binary programs. In International Symposium on Software Testing and Analysis (ISSTA), July 2009.
29. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. BitBlaze: A new approach to computer security via binary analysis. In International Conference on Information Systems Security, pages 1-25, Hyderabad, India, Dec. 2008. Keynote invited paper.
30. G. E. Suh, J. Lee, and S. Devadas. Secure program execution via dynamic information flow tracking. In ASPLOS XI, Oct. 2004.
31. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. RIFLE: An architectural framework for usercentric information-flow security. In Proceedings of the 37th International Symposium on Microarchitecture, Dec. 2004.
32. V. Venkatakrishnan, W. Xu, D. DuVarney, and R. Sekar. Provably correct runtime enforcement of non-interference properties. In 8th Internation Conference on Information and Communications Security (ICICS), Dec. 2006.
33. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In 15th USENIX Security Symposium, 2006.
34. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of ACM Conference on Computer and Communication Security, Oct. 2007.