Noninterference through secure multi-execution

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2010, Pages 109-124

  Devriese, Dominique ^a   Piessens, Frank ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

ALTERNATIVE APPROACH; BENCHMARK SUITES; COVERT CHANNELS; DOM TREE; DYNAMIC MONITORING SYSTEM; EXECUTION TIME; I/O OPERATIONS; INFORMATION FLOW ANALYSIS; JAVASCRIPT; LANGUAGE FEATURES; MULTI CORE; NON-DETERMINISM; POSSIBLE SOLUTIONS; SECURITY LEVEL; SIDE EFFECT; TYPE SYSTEMS;

JAVA PROGRAMMING LANGUAGE; LINGUISTICS;

QUERY LANGUAGES;

EID: 77955223614     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2010.15     Document Type: Conference Paper

References (27)

1. D. Volpano, C. Irvine, and G. Smith, "A sound type system for secure flow analysis," Journal of computer security, vol. 4, no. 2/3, pp. 167-188, 1996.
2. N. Heintze and J. G. Riecke, "The SLam calculus: programming with secrecy and integrity," in POPL, 1998, pp. 365-377.
3. A. C. Myers, "JFlow: Practical mostly-static information flow control," in POPL, 1999, pp. 228-241.
4. M. Zanotti, "Security typings by abstract interpretation," in Proc. Symposium on Static Analysis, 2002, pp. 360-375.
5. D. E. Denning and P. J. Denning, "Certification of programs for secure information flow," Comm. of the ACM, vol. 20, no. 7, pp. 504-513, 1977.
6. G. Le Guernic, A. Banerjee, T. Jensen, and D. Schmidt, "Automata-based confidentiality monitoring," in ASIAN, 2006, pp. 75-89.
7. A. Russo, A. Sabelfeld, and A. Chudnov, "Tracking information flow in dynamic tree structures," in ESORICS, 2009, pp. 86-103.
8. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August, "RIFLE: An architectural framework for user-centric information-flow security," in MICRO, 2004, pp. 243-254.
9. F. B. Schneider, "Enforceable security policies," ACM Trans. Information and System Security, vol. 3, no. 1, pp. 30-50, 2000.
10. "Mozilla spidermonkey website." [Online], Available: http://www.mozilla.org/js/spidermonkey/
11. "Google chrome v8 benchmark suite instructions." [Online], Available: http://code.google.com/apis/v8/benchmarks.html
12. M. Johns, "On JavaScript malware and related threats," Journal in Computer Virology, vol. 4, no. 3, pp. 161-178, 2008.
13. R. Chugh, J. A. Meister, R. Jhala, and S. Lerner, "Staged information flow for javascript," in PLDI, 2009, pp. 50-62.
14. S. Maffeis, J. C. Mitchell, and A. Taly, "Isolating javascript with filters, rewriting, and wrappers," in ESORICS, 2009, pp. 505-522.
15. A. Russo, J. Hughes, D. Naumann, and A. Sabelfeld, "Closing internal timing channels by transformation," in ASIAN, 2006, pp. 120-135.
16. D. Volpano and G. Smith, "Eliminating covert flows with minimum typings," in Computer Security Foundations Workshop, 1997, pp. 156-168.
17. "Valgrind user manual - massif: a heap profiler." [Online], Available: http://valgrind.org/docs/manual/ms-manual.html
18. F. Tip, "A survey of program slicing techniques," Journal of programming languages, vol. 3, no. 3, pp. 121-189, 1995.
19. D. Devriese and F. Piessens, "Secure multiexecution experiment source code." [Online], Available: http://www.cs.kuleuven.be/~dominiqu/ permanent/sme-experiment.tar.gz
20. A. Sabelfeld and A. Myers, "Language-based information-flow security," IEEE Journal on selected areas in communications, vol. 21, no. 1, pp. 5-19, 2003.
21. G. Smith and D. Volpano, "Secure information flow in a multi-threaded imperative language," in POPL, 1998, pp. 355-364.
22. G. Le Guernic, "Confidentiality enforcement using dynamic information flow analyses," Ph.D. dissertation, Kansas State University, 2007.
23. F. Pottier and V. Simonet, "Information flow inference for ML," ACM Trans. Program. Lang. Syst., vol. 25, no. 1, pp. 117-158, 2003.
24. G. Barthe, P. R. D'Argenio, and T. Rezk, "Secure information flow by self-composition," in CSFW, 2004, pp. 100-114.
25. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Krügel, and G. Vigna, "Cross site scripting prevention with dynamic data tainting and static analysis," in NDSS, 2007.
26. A. R. Yumerefendi, B. Mickle, and L. P. Cox, "TightLip: Keeping applications from spilling the beans," in NSDI, 2007.
27. A. Russo and A. Sabelfeld, "Dynamic vs. static flowsensitive security analysis," 2010, unpublished.