Language-based information-flow security
Citations
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
EnerJ: approximate data types for safe and general low-power computation
Securing web application code by static analysis and runtime protection
References
The Mathematical Theory of Communication
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
On the security of public key protocols
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
Frequently Asked Questions (16)
Q2. What contributions have the authors mentioned in the paper "Language-based information-flow security"?
In this article the authors survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies.
Q3. What have the authors stated for future works in "Language-based information-flow security"?
The authors conclude by discussing related and future work. However, there are three areas where further work is needed: • Semantics of information flow are needed for concurrent and distributed systems so that useful end-to-end security guarantees are provided without ruling out useful, secure programs. Attackers of varying capabilities can be modeled straightforwardly as different attacker views, and correspond to different security properties. Compositionality: A number of further advantages are associated with both security-type systems and semantics-based security.
Q4. What are other common security enforcement mechanisms?
Other common security enforcement mechanisms such as firewalls, encryption, and antivirus software are useful for protecting confidential information.
Q5. What are the three areas where further work is needed?
There are three areas where further work is needed: • Semantics of information flow are needed for concurrent and distributed systems so that useful end-to-end security guarantees are provided without ruling out useful, secure programs.
Q6. How does the compiler enforce the security of a program?
Security is enforced by type checking; the compiler reads a program containing labeled types and in typechecking the program, ensures that the program cannot contain improper information flows at run time.
Q7. Why are compilers needed for security-typed languages?
Certifying compilers are needed for security-typed languages, because compilers for source languages (such as Jif) are too complex to be part of the trusted computing base.
Q8. What is the importance of dynamic security policies?
Dynamic security policies are an important area for future work; although dynamic labels are not known to introduce unsoundness into the Jif type system, currently there are no noninterference results for any fragment that supports them.
Q9. What is the usual method for showing that noninterference holds?
The usual method for showing that noninterference holds is to demonstrate that the attacker cannot observe any difference between two executions that differ only in their confidential input [48].
Q10. Why is it important to test compilation in low-level machine languages?
This is also important because much malicious code is distributed in the form of programs in a low-level machine language (not to be confused with the low level of confidentiality for data) such as Java applets or ActiveX components.
Q11. What is the reason for label creep?
Label creep makes dynamic labeling systems too restrictive to be generally useful, because the results of computation tend to be labeled too sensitively for their intended use [41].
Q12. What is the problem with checking information flow in low-level languages?
One difficulty with checking information flow in low-level languages is that useful information about program structure is lost during compilation.
Q13. What is the link between low-view relations ≈L and equivalence relations ≈?
The extension of PERs to handle nondeterministic security [17], [85] develops a link between low-view relations ≈L and equivalence relations ≈ for programs that exhibit nondeterminism.
Q14. What are examples of low-level languages that can be used to guarantee memory safety?
Java bytecode verification [24] and typed assembly language [28] (primarily used to guarantee memory safety) are examples of this approach.
Q15. What is the potential weakness of using a compiler to validate information flows?
One potential weakness of using a compiler to validate information flows is that it places both the type checker and the code generator of the compiler in the trusted computing base (TCB) [117].
Q16. What is the way to prevent a dynamically changing security policy?
If these permissions are to be enforced as end-to-end policies, programs accessing the filesystem must be able to enforce dynamically changing security policies.