Information flow analysis for mobile code in dynamic security environments
作者: Robert Grabowski
DOI:
关键词:
摘要: With the growing amount of data handled by Internet-enabled mobile devices, task preventing software from leaking confidential information is becoming increasingly important. At the same time, mobile applications are typically executed on different devices whose users have varying requirements for the privacy their data. Users should be able to define their personal security settings, and they get a reliable assurance that installed respects these settings. Language-based flow focuses on the analysis programs determine flows among accessed resources different levels, to verify formally certify these follow a given policy. In code scenario, however, both dynamic aspect environment fact mobile software distributed as bytecode pose challenge existing static approaches. This thesis presents a language-based mechanism in the presence dynamic environments. An object-oriented high-level language well equipped with facilities inspect user-defined security settings at runtime. way, developer can create privacy-aware adapt behaviour to arbitrary environments, property formalized as "universal noninterference". statically verified an type system uses restrictive forms dependent types judge abstractly on concrete security policy effective To verify compiled bytecode programs, low-level version is presented works intermediate representation in which original program structure partially restored. Rigorous soundness proofs type-preserving compilation enable generation certified in style of proof-carrying code. show practical feasibility the approach, implemented demonstrated a concrete application where personal sent from a device server Internet.
参考文章(74)
Ellis Cohen, Information transmission in computational systems ACM SIGOPS Operating Systems Review. ,vol. 11, pp. 133- 139 ,(1977) , 10.1145/1067625.806556
Lennart Beringer, Kenneth MacKenzie, Ian Stark, Grail: a functional form for imperative mobile code Electronic Notes in Theoretical Computer Science. ,vol. 85, pp. 3- 23 ,(2003) , 10.1016/S1571-0661(05)80083-0
Hongseok Yang, Relational separation logic Theoretical Computer Science. ,vol. 375, pp. 308- 334 ,(2007) , 10.1016/J.TCS.2006.12.036
A. Sabelfeld, D. Sands, Dimensions and principles of declassification ieee computer security foundations symposium. pp. 255- 269 ,(2005) , 10.1109/CSFW.2005.15
G. Barthe, D. Naumann, T. Rezk, Deriving an information flow checker and certifying compiler for Java ieee symposium on security and privacy. pp. 230- 242 ,(2006) , 10.1109/SP.2006.13
H. Mantel, A. Sabelfeld, A generic approach to the security of multi-threaded programs ieee computer security foundations symposium. pp. 126- 142 ,(2001) , 10.1109/CSFW.2001.930142
A. Sabelfeld, A.C. Myers, Language-based information-flow security IEEE Journal on Selected Areas in Communications. ,vol. 21, pp. 5- 19 ,(2003) , 10.1109/JSAC.2002.806121
Dorothy E Denning, Peter J Denning, None, Certification of programs for secure information flow Communications of the ACM. ,vol. 20, pp. 504- 513 ,(1977) , 10.1145/359636.359712
Robert Grabowski, Noninterference for Mobile Code with Dynamic Security Domains ,(2008)
Roberto Giacobazzi, Isabella Mastroeni, Abstract non-interference: parameterizing non-interference by abstract interpretation symposium on principles of programming languages. ,vol. 39, pp. 186- 197 ,(2004) , 10.1145/964001.964017