A Virtual Machine Based Information Flow Control System for Policy Enforcement

Authors: Srijith K. Nair, Patrick N.D. Simpson, Bruno Crispo, Andrew S. Tanenbaum

DOI: 10.1016/J.ENTCS.2007.10.010

Keywords: Virtual finite-state machine, Distributed computing, strictfp, Virtual machine, Overhead (computing), Control (management), Computer science, Tracing, Information flow (information theory), Java

Abstract: The ability to enforce usage policies attached to data in a fine-grained manner requires that the system be able to trace and control the flow of information within it. This paper presents the design and implementation of such a system, named Trishul, as a Java Virtual Machine. In particular, we address the problem of tracing implicit flow, which had not been resolved by previous run-time systems, and the additional intricacies added on by the architecture. We argue that the security benefits offered by Trishul are substantial enough to counter-weigh the performance overhead shown by our experiments.

References (19)
Karl Forster. Information protection system. (2001)
Reiner Sailer, Leendert van Doorn, Trent Jaeger, Xiaolan Zhang. Design and implementation of a TCG-based integrity measurement architecture. USENIX Security Symposium, pp. 16-16 (2004)
Dorothy Elizabeth Robling Denning. Secure information flow in computer systems. Purdue University (1975)
Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, vol. 3, pp. 30-50 (2000). DOI: 10.1145/353323.353382
Israel Gat, Harry J. Saal. Memoryless execution: A programmer's viewpoint. Software: Practice and Experience, vol. 6, pp. 463-471 (1976). DOI: 10.1002/SPE.4380060404
Silas Boyd-Wickizer, David Mazières, Nickolai Zeldovich, Eddie Kohler. Making information flow explicit in HiStar. Operating Systems Design and Implementation, pp. 263-278 (2006). DOI: 10.5555/1298455.1298481
Dorothy E. Denning. A lattice model of secure information flow. Communications of the ACM, vol. 19, pp. 236-243 (1976). DOI: 10.1145/360051.360056
Dawn Xiaodong Song, James Newsome. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Network and Distributed System Security Symposium (2005)