A software-hardware architecture for self-protecting data

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 14-27

  Chen, Yu Yuan ^a   Jamkhedkar, Pramod A ^a   Lee, Ruby B ^a  

^a PRINCETON UNIVERSITY   (United States)

Author keywords

Architecture; Information flow tracking; Self protecting data

Indexed keywords

CONFIDENTIAL INFORMATION; INFORMATION FLOWS; OUTPUT CONTROL; PLAINTEXT; RUNTIMES; SECURE DATA; SELF PROTECTING; SEMANTIC GAP; SENSITIVE DATAS; SOFTWARE POLICY; THIRD PARTY APPLICATION (APPS);

ARCHITECTURE; COMPUTER HARDWARE; COMPUTER SOFTWARE; HARDWARE; SEMANTICS;

SECURITY OF DATA;

EID: 84869482676     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382201     Document Type: Conference Paper

References (33)

1. M. I. Al-Saleh and J. R. Crandall. On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible? In Proceedings of the Workshop on New Security Paradigms, pages 17-32, 2010.
2. D. Brumley, J. Caballero, Z. Liang, J. Newsome, and D. Song. Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In Proceedings of USENIX Security Symposium, pages 15:1-15:16, 2007.
3. D. Champagne and R. B. Lee. Scalable architectural support for trusted software. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture, pages 1-12, 2010.
4. S. Chhabra, B. Rogers, Y. Solihin, and M. Prvulovic. Secureme: a hardware-software approach to full system security. In Proceedings of the International Conference on Supercomputing, pages 108-119, 2011.
5. C. Y. Cho, D. Babić, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song. Mace: model-inference-assisted concolic exploration for protocol and vulnerability discovery. In Proceedings of USENIX Security Symposium, pages 10-10, 2011.
6. J. Chow, B. Pfa?, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Proceedings of USENIX Security Symposium, pages 22-22, 2004.
7. M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: a flexible information flow architecture for software security. In Proceedings of the ACM/IEEE International Symposium on Computer Architecture, pages 482-493, 2007.
8. J. S. Dwoskin and R. B. Lee. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the ACM Conference on Computer and Communications Security, pages 389-400, 2007.
9. P. Efstathopoulos and E. Kohler. Manageable fine-grained information flow. In Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems, pages 301-313, 2008.
10. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the asbestos operating system. In Proceedings of the ACM Symposium on Operating Systems Principles, pages 17-30, 2005.
11. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In Proceedings of the USENIX Annual Technical Conference, pages 18:1-18:14, 2007.
12. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: cold boot attacks on encryption keys. In Proceedings of USENIX Security Symposium, pages 45-60, 2008.
13. R. Iannella. Open digital rights language (ODRL), Version 0.5, Aug. 2000. odrl.net/ODRL-05.pdf.
14. N. P. Jouppi. Improving direct-mapped cache performance by the addition of a small fully-associative cache and prefetch buffers. In Proceedings of the ACM/IEEE International Symposium on Computer Architecture, pages 364-373, 1990.
15. M. G. Kang, S. McCamant, P. Poosankam, and D. Song. DTA++: Dynamic taint analysis with targeted control-flow propagation. In Proceedings of the Network and Distributed System Security Symposium, 2011.
16. R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for protecting critical secrets in microprocessors. In Proceedings of the ACM/IEEE International Symposium on Computer Architecture, pages 2-13, 2005.
17. D. Lie, C. A. Thekkath, and M. Horowitz. Implementing an untrusted operating system on trusted hardware. In Proceedings of the ACM Symposium on Operating Systems Principles, pages 178-192, 2003.
18. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In Proceedings of the IEEE Security and Privacy, pages 143-158, 2010.
19. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: an execution infrastructure for TCB minimization. In Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems, pages 315-328, 2008.
20. V. Nagarajan, H.-S. Kim, Y. Wu, and R. Gupta. Dynamic information flow tracking on multicores. In Workshop on Interaction between Compilers and Computer Architectures, 2008.
21. J. Park and R. Sandhu. The UCONABC usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128-174, 2004.
22. F. Qin, C. Wang, Z. Li, H.-s. Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the IEEE/ACM International Symposium on Microarchitecture, pages 135-148, 2006.
23. A. Sabelfeld and A. C. Myers. Language-based information-flow security. Selected Areas in Communications, IEEE Journal on, 21(1):5-19, Jan. 2003.
24. L. Singaravelu, C. Pu, H. Härtig, and C. Helmuth. Reducing tcb complexity for security-sensitive applications: three case studies. In Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems, pages 161-174, 2006.
25. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, N. James, P. Poosankam, and P. Saxena. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the International Conference on Information Systems Security. Keynote invited paper., pages 1-25, 2008.
26. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, pages 85-96, 2004.
27. M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. Complete information flow tracking from the gates up. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, pages 109-120, 2009.
28. Trusted Computing Group. Trusted Platform Module. https://www. trustedcomputinggroup.org/home.
29. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In Proceedings of the IEEE/ACM International Symposium on Microarchitecture, pages 243-254, 2004.
30. S. Vandebogart, P. Efstathopoulos, E. Kohler, M. Krohn, C. Frey, D. Ziegler, F. Kaashoek, R. Morris, and D. Mazières. Labels and event processes in the asbestos operating system. ACM Trans. Comput. Syst., 25, December 2007.
31. XrML 2.0 technical overview, version 1.0, March 2002. www.xrml.org/reference/XrMLTechnicalOverviewV1.pdf.
32. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. In Proceedings of the ACM Conference on Computer and Communications Security, pages 116-127, 2007.
33. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in histar. In Proceedings of the Symposium on Operating Systems Design and Implementation, pages 263-278, 2006.