
Automata-Based Confidentiality Monitoring

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4435))

Abstract

Non-interference is typically used as a baseline security policy to formalize the confidentiality of secret information manipulated by a program. In contrast to static checking of non-interference, this paper considers dynamic, automaton-based monitoring of information flow for a single execution of a sequential program. The monitoring mechanism is based on a combination of dynamic and static analyses. During program execution, abstractions of program events are sent to the automaton, which uses them to track information flows and to control the execution by forbidding or editing dangerous actions. The mechanism proposed is proved to be sound, to preserve the executions of well-typed programs (in the security type system of Volpano, Smith and Irvine), and to preserve some safe executions of ill-typed programs.
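The following is an added illustration, not the paper's own automaton, language or proofs: a small Python monitor in the style the abstract describes. The interpreter of a tiny imperative language (an AST, a two-point lattice L/H and the shape of the event abstractions are all assumptions made here) sends the monitor only abstractions of what happens: which variables an assignment or output reads, and, at a branch, which variables the branch that was not taken could have written (obtained by a static pass over that branch). The monitor keeps a label per variable and a stack of pc labels, and edits a secret-dependent output into a fixed placeholder rather than aborting. The constructed program in `untaken_branch_leak` is the classic case a purely dynamic monitor misses: when the secret is non-zero the public variable is never written under a high pc, yet its value still reveals the secret.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Union

LOW, HIGH = "L", "H"  # two-point lattice; HIGH marks secret data

def join(a, b): return HIGH if HIGH in (a, b) else LOW

# --- AST of a small imperative language (constructed for this example) ---
@dataclass
class Var: name: str
@dataclass
class Const: value: int
@dataclass
class BinOp: op: str; left: "Expr"; right: "Expr"
Expr = Union[Var, Const, BinOp]
@dataclass
class Assign: target: str; expr: Expr
@dataclass
class If: cond: Expr; then: List["Stmt"]; orelse: List["Stmt"]
@dataclass
class Output: expr: Expr
Stmt = Union[Assign, If, Output]

def free_vars(e) -> Set[str]:
    """Variables an expression reads: the abstraction of an assignment or output."""
    if isinstance(e, Var):
        return {e.name}
    return set() if isinstance(e, Const) else free_vars(e.left) | free_vars(e.right)

def assigned_vars(stmts) -> Set[str]:
    """Static analysis: every variable the statements may write."""
    out = set()
    for s in stmts:
        if isinstance(s, Assign):
            out.add(s.target)
        elif isinstance(s, If):
            out |= assigned_vars(s.then) | assigned_vars(s.orelse)
    return out

def eval_expr(e, env):
    if isinstance(e, Var):
        return env[e.name]
    if isinstance(e, Const):
        return e.value
    l, r = eval_expr(e.left, env), eval_expr(e.right, env)
    return {"+": l + r, "-": l - r, "==": int(l == r), "<": int(l < r)}[e.op]

class Monitor:
    """The automaton: one label per variable plus a stack of pc labels (one per
    open branch).  It never sees values, only the abstractions it is sent."""
    def __init__(self, labels: Dict[str, str]):
        self.labels, self.pc = dict(labels), [LOW]
    def level_of(self, reads: Set[str]) -> str:
        lvl = self.pc[-1]
        for v in reads:
            lvl = join(lvl, self.labels.get(v, LOW))
        return lvl
    def on_assign(self, target, reads):
        self.labels[target] = self.level_of(reads)
    def on_branch(self, reads, untaken_assigns):
        lvl = self.level_of(reads)
        self.pc.append(lvl)
        if lvl == HIGH:  # implicit flow: whatever the untaken branch could write
            for v in untaken_assigns:
                self.labels[v] = HIGH
    def on_branch_end(self):
        self.pc.pop()
    def on_output(self, reads, value):
        # Edit rather than abort: a secret-dependent output becomes a fixed
        # public placeholder, so the observer sees the same thing for any secret.
        return "<edited>" if self.level_of(reads) == HIGH else value

def run(stmts, env, mon, out):
    """Execute, sending the monitor an abstraction of each event as it happens."""
    for s in stmts:
        if isinstance(s, Assign):
            env[s.target] = eval_expr(s.expr, env)
            mon.on_assign(s.target, free_vars(s.expr))
        elif isinstance(s, If):
            taken, untaken = (s.then, s.orelse) if eval_expr(s.cond, env) else (s.orelse, s.then)
            mon.on_branch(free_vars(s.cond), assigned_vars(untaken))
            run(taken, env, mon, out)
            mon.on_branch_end()
        elif isinstance(s, Output):
            out.append(mon.on_output(free_vars(s.expr), eval_expr(s.expr, env)))
    return out

# --- constructed programs: h is the secret input, l is public ---
def untaken_branch_leak(h: int):
    """l := 1; if h == 0 then l := 0; output l; output 7.  A purely dynamic monitor
    would let h != 0 print 1 (l is never written under a high pc on that path)."""
    prog = [Assign("l", Const(1)),
            If(BinOp("==", Var("h"), Const(0)), [Assign("l", Const(0))], []),
            Output(Var("l")), Output(Const(7))]
    return run(prog, {"h": h, "l": 0}, Monitor({"h": HIGH, "l": LOW}), [])

def public_branch(l: int):
    """if l < 3 then l := l + 1 else l := 0; output l.  No secret is read, so nothing is edited."""
    prog = [If(BinOp("<", Var("l"), Const(3)), [Assign("l", BinOp("+", Var("l"), Const(1)))],
               [Assign("l", Const(0))]),
            Output(Var("l"))]
    return run(prog, {"l": l}, Monitor({"l": LOW}), [])
```

Running `untaken_branch_leak` with any secret yields the same observable trace, `["<edited>", 7]`, which is exactly the non-interference property the monitor is meant to enforce for that execution; `public_branch` shows that the same branch rule leaves purely public control flow untouched. Termination channels and loops are deliberately out of scope of this toy.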

Banerjee and Le Guernic were partially supported by NSF grants CNS-0627748, CNS-0209205, CCF-0296182 and ITR-0326577. Schmidt was partially supported by NSF grants ITR-0326577 and ITR-0086154. Le Guernic was also partially supported by the PoTestAT project (ACI Sécurité).


References

  1. Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proc. Symp. Security and Privacy, pp. 11–20 (1982)

  2. Cohen, E.S.: Information Transmission in Computational Systems. ACM SIGOPS Operating Systems Review 11(5), 133–139 (1977)

  3. Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)

  4. Banerjee, A., Naumann, D.A.: Stack-based Access Control and Secure Information Flow. Journal of Functional Programming 15(2), 131–177 (2005)

  5. Myers, A.C.: JFlow: Practical Mostly-Static Information Flow Control. In: Proc. ACM Symp. Principles of Programming Languages, pp. 228–241 (1999)

  6. Pottier, F., Simonet, V.: Information flow inference for ML. ACM Trans. on Programming Languages and Systems 25(1), 117–158 (2003)

  7. Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A Core Calculus of Dependency. In: Proc. ACM Symp. Principles of Programming Languages, pp. 147–160 (1999)

  8. Barthe, G., Serpette, B.: Partial evaluation and non-interference for object calculi. In: Middeldorp, A. (ed.) FLOPS 1999. LNCS, vol. 1722, pp. 53–67. Springer, Heidelberg (1999)

  9. Sabelfeld, A., Sands, D.: A Per Model of Secure Information Flow in Sequential Programs. Higher Order and Symbolic Computation 14(1), 59–91 (2001)

  10. Mizuno, M., Schmidt, D.: A Security Flow Control Algorithm and Its Denotational Semantics Correctness Proof. J. Formal Aspects of Comp. 4(6A), 727–754 (1992)

  11. Volpano, D., Smith, G., Irvine, C.: A Sound Type System for Secure Flow Analysis. J. Computer Security 4(3), 167–187 (1996)

  12. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28(1), 175–205 (2006)

  13. Le Guernic, G., Banerjee, A., Schmidt, D.: Automaton-based Non-interference Monitoring. Technical Report, Kansas State University, Manhattan, KS, USA (April 2006), http://www.cis.ksu.edu/schmidt/techreport/2006.list.html

  14. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

  15. McLean, J.: A General Theory of Composition for Trace Sets Closed Under Selective Interleaving Functions. In: Proc. Symp. Security and Privacy, pp. 79–93 (1994)

  16. Ashby, W.R.: An Introduction to Cybernetics. Chapman & Hall, London (1956)

  17. Vachharajani, N., Bridges, M.J., Chang, J., Rangan, R., Ottoni, G., Blome, J.A., Reis, G.A., Vachharajani, M., August, D.I.: RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In: Proc. Symp. Microarchitecture (2004)

  18. Kahn, G.: Natural Semantics. In: Brandenburg, F.J., Wirsing, M., Vidal-Naquet, G. (eds.) STACS 87. LNCS, vol. 247, pp. 22–39. Springer, Heidelberg (1987)

  19. Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Sec. 4(1-2), 2–16 (2005)

  20. Viswanathan, M.: Foundations for the Run-time Analysis of Software Systems. PhD thesis, University of Pennsylvania (December 2000)

  21. Smith, G., Volpano, D.: Secure Information Flow in a Multi-threaded Imperative Language. In: Proc. ACM Symp. on Principles of Programming Languages, pp. 355–364 (January 1998)

  22. Schneider, F.B., Morrisett, G., Harper, R.: A Language-Based Approach to Security. In: Wilhelm, R. (ed.) Informatics. LNCS, vol. 2000, pp. 86–101. Springer, Heidelberg (2001)

  23. Erlingsson, Ú.: The Inlined Reference Monitor Approach to Security Policy Enforcement. PhD thesis, Department of Computer Science, Cornell University (2003)

  24. Erlingsson, Ú., Schneider, F.B.: SASI Enforcement of Security Policies: A Retrospective. In: Proc. New Security Paradigms Workshop, pp. 87–95. ACM Press, New York (1999)

  25. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Certified In-lined Reference Monitoring on .NET. In: ACM Workshop on Programming Languages and Analysis for Security. ACM Press, New York (2006)

  26. Ligatti, J., Bauer, L., Walker, D.: Enforcing Non-safety Security Policies with Program Monitors. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 355–373. Springer, Heidelberg (2005)

  27. Pottier, F., Conchon, S.: Information flow inference for free. In: Proc. ACM International Conf. on Functional Programming, pp. 46–57 (2000)

  28. Le Guernic, G., Jensen, T.: Monitoring Information Flow. In: Proceedings of the Workshop on Foundations of Computer Security, pp. 19–30. DePaul University (June 2005)

  29. Masri, W., Podgurski, A., Leon, D.: Detecting and Debugging Insecure Information Flows. In: Symp. on Software Reliability Engineering, pp. 198–209 (2004)

Editor information

Mitsu Okada, Ichiro Satoh

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg


Cite this paper

Le Guernic, G., Banerjee, A., Jensen, T., Schmidt, D.A. (2007). Automata-Based Confidentiality Monitoring. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_7


  • DOI: https://doi.org/10.1007/978-3-540-77505-8_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77504-1

  • Online ISBN: 978-3-540-77505-8

  • eBook Packages: Computer Science (R0)
