State-based usage control enforcement with data flow tracking using system call interposition

NSS 2009 - Network and System Security

Volumn , Issue , 2009, Pages 373-380

  Harvan, Matúš ^a   Pretschner, Alexander ^b  

^a ETH ZURICH   (Switzerland)

^b FRAUNHOFER IESE   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

DATA FLOW; DATA PROTECTION; DATAFLOW MODEL; MAIN MEMORY; NETWORK SOCKETS; PERFORMANCE MEASUREMENTS; POLICY ENFORCEMENT; SENSITIVE DATAS; STATE-BASED; SYSTEM CALL INTERPOSITION; SYSTEM CALLS; USAGE CONTROL;

ACCESS CONTROL; INTRUSION DETECTION; LAWS AND LEGISLATION; NETWORK SECURITY;

DATA FLOW ANALYSIS;

EID: 72849109064     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NSS.2009.51     Document Type: Conference Paper

References (14)

1. J. Park and R. Sandhu, "The ucon abc usage control model," ACM Transactions on Information and Systems Security, pp. 128-174, 2004.
2. M. Hilty, D. Basin, and A. Pretschner, "On obligations," in Proc. ESORICS, 2005, pp. 98-117.
3. B. W. Lampson, "A note on the confinement problem," Commun. ACM, vol. 16, no. 10, pp. 613-615, 1973.
4. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter, "A policy language for distributed usage control," in Proc. ESORICS, 2007, pp. 531-546.
5. F. B. Schneider, "Enforceable security policies," ACM Trans. Inf. Syst. Secur., vol. 3, no. 1, pp. 30-50, 2000.
6. N. Provos, "Improving host security with system call policies," in Proc. SSYM, 2003, pp. 257-272.
7. S. McCamant and M. D. Ernst, "Quantitative information flow as network flow capacity," in Proc. PLDI, 2008, pp. 193-205.
8. A. C. Myers and B. Liskov, "A decentralized model for information flow control," in Proc. SOSP, 1997, pp. 129-142.
9. D. E. Denning, "A lattice model of secure information flow," CACM, vol. 19, no. 5, pp. 236-243, 1976.
10. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris, "Labels and event processes in the asbestos operating system," in Proc. SOSP, 2005, pp. 17-30.
11. M. N. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris, "Information flow control for standard os abstractions," in SOSP, 2007, pp. 321-334.
12. F. Hsu, H. Chen, T. Ristenpart, J. Li, and Z. Su, "Back to the future: A framework for automatic malware removal and system repair," pp. 257-268, 2006.
13. X. Wang, Z. Li, N. Li, and J. Y. Choi, "Precip: Towards practical and retrofittable confidential information protection," in NDSS, 2008.
14. X. Jiang, A. Walters, D. Xu, E. Spafford, F. Buchholz, and Y.-M. Wang, "Provenance-aware tracing of worm break-in and contaminations: A process coloring approach," in ICDCS, 2006, p. 38.