PRECIP: Towards Practical and Retrofittable Confidential Information Protection.
作者: Jong Youl Choi , Ninghui Li , Zhuowei Li , XiaoFeng Wang
DOI:
关键词:
摘要: A grand challenge in information protection is how to preserve the confidentiality of sensitive under spyware surveillance. This problem has not been well addressed by existing access-control mechanisms which cannot prevent already a system from monitoring an authorized party’s interactions with data. Our answer this PRECIP, new security policy model takes first step towards practical and retrofittable confidential protection. designed offer efficient online for commercial applications operating systems. It intends be retrofitted these systems without modifying their code. To end, PRECIP addresses several issues critical containing surveillance, however are handled previous work access control information-flow security. Examples include models human input devices such as keyboard whose sensitivity level must dynamically determined, other shared resources clipboard screen accessed different processes, multitasked processes on public data concurrently. We applied Windows XP protect editing or viewing documents browsing websites. demonstrate that our implementation works effectively against wide spectrum spyware, including keyloggers, grabbers file stealers. also evaluated overheads technique, shown very small.
isoc.org参考文章(35)
Adrian Perrig, Michael K. Reiter, Jonathan M. McCune, Bump in the ether: a framework for securing sensitive user input usenix annual technical conference. pp. 17- 17 ,(2006)
Steve Zdancewic, Challenges for Information-flow Security ,(2004)
Dirk Balfanz, Daniel R. Simon, WindowBox: a simple security model for the connected desktop conference on usenix windows systems symposium. pp. 4- 4 ,(2000)
Tal Garfinkel, Mendel Rosenblum, Kevin Christopher, Ben Pfaff, Jim Chow, Understanding data lifetime via whole system simulation usenix security symposium. pp. 22- 22 ,(2004)
Zhuowei Li, XiaoFeng Wang, Jong Youl Choi, SpyShield: preserving privacy from spy add-ons recent advances in intrusion detection. pp. 296- 316 ,(2007) , 10.1007/978-3-540-74320-0_16
Douglas Kilpatrick, Lee Badger, Timothy Fraser, Calvin Ko, Detecting and countering system intrusions using software wrappers usenix security symposium. pp. 11- 11 ,(2000)
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits usenix security symposium. pp. 8- 8 ,(2003)
Engin Kirda, Richard A. Kemmerer, Christopher Kruegel, Greg Banks, Giovanni Vigna, Behavior-based spyware detection usenix security symposium. pp. 19- ,(2006)
Sandeep Bhatkar, R. Sekar, Wei Xu, Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks usenix security symposium. pp. 9- ,(2006)
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hintony, Qian Zhang, Peat Bakke, Dave Maier, StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks usenix security symposium. pp. 5- 5 ,(1998)