Title :
Run-time Information Flow Monitoring based on Dynamic Dependence Graphs
Author :
Cavadini, Salvador ; Cheda, Diego
Author_Institution :
INRIA Sophia Antipolis - Mediterranee, Sophia Antipolis
Abstract :
Protecting sensitive information (credit card data, personal medical information, etc.) is becoming an increasingly important issue due to the ubiquity of computing systems. Traditionally, confidentiality of information is guaranteed by access control mechanisms, but there is a renewed interest in developing mechanisms that track how information flows during program execution. There are two established means to enforce information flow policies: static verification, and run-time or dynamic monitoring. Run-time monitoring is more flexible than static verification, since it permits running all programs and only rejects unsecure executions; of course, the increased flexibility is mitigated by a degradation of run-time performance. This work presents two techniques for dynamic information flow monitoring. Unlike most run-time monitors, which rely on program rewriting techniques, these techniques use dynamic dependence graphs to track information flow at run-time. The proposed approaches scale to real languages and can cope with declassification annotations.
Keywords :
authorisation; graph theory; program verification; system monitoring; access control; dynamic dependence graph; dynamic monitoring; program execution; run-time information flow monitoring; static verification; Availability; Biomedical monitoring; Certification; Computer languages; Data flow computing; Data security; Information analysis; Information security; Protection; Runtime; dependence graphs; information flow; security;
Conference_Title :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.152