Sound and Precise Cross-Layer Data Flow Tracking

  • Enrico Lovat
  • Martín Ochoa
  • Alexander Pretschner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9639)


We connect runtime monitors for data flow tracking at different abstraction layers (a browser, a mail client, an operating system) and prove the soundness of this generic model w.r.t. a formal notion of explicit information flow. This allows us to (1) increase the precision of the analysis by exploiting the high-level semantics of events at higher levels of abstraction and (2) provide system-wide guarantees at the same time. For instance, using our model, we can soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen by combining analyses at multiple layers.


  1. 1.
    Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. ACM Sigplan Not. 44(8), 20–31 (2009)CrossRefGoogle Scholar
  2. 2.
    Biswas, A.K.: Towards improving data driven usage control precision with intra-process data flow tracking. Master’s thesis, Technische Universität München (2014)Google Scholar
  3. 3.
    Chin, E., Wagner, D.: Efficient character-level taint tracking for java. In Proceedings of the ACM Workshop on Secure Web Services, pp. 3–12 (2009)Google Scholar
  4. 4.
    Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation. In: USENIX Security (2004)Google Scholar
  5. 5.
    Crandall, J.R., Chong, F.T.: Minos: control data attack prevention orthogonal to memory model. In: Proceedings MICRO37, pp. 221–232. IEEE (2004)Google Scholar
  6. 6.
    de Amorim, A.A., Dénes, M., Giannarakis, N., Hritcu, C., Pierce, B.C., Spector-Zabusky, A., Tolmach, A.: Micro-policies (2015)Google Scholar
  7. 7.
    Demsky, B.: Cross-application data provenance and policy enforcement. ACM Trans. Inf. Syst. Secur. 14(1), 1–22 (2011)CrossRefGoogle Scholar
  8. 8.
    Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX OSDI (2010)Google Scholar
  9. 9.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy (1982)Google Scholar
  10. 10.
    Harvan, M., Pretschner, A.: State-based usage control enforcement with data flow tracking using system call interposition. In: NSS (2009)Google Scholar
  11. 11.
    Kim, H.C., Keromytis, A.D., Covington, M., Sahita, R.: Capturing information flow with concatenated dynamic taint analysis. In: ARES (2009)Google Scholar
  12. 12.
    Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M.F., Kohler, E., Morris, R.: Information flow control for standard OS abstractions. In: SOSP (2007)Google Scholar
  13. 13.
    Kumari, P., Pretschner, A., Peschla, J., Kuhn, J.-M.: Distributed data usage control for web applications: A social network implementation. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, CODASPY 2011, pp. 85–96. ACM (2011)Google Scholar
  14. 14.
    Lörscher, M.: Usage Control for a Mail Client. Master thesis, TU Kaiserslautern (2012)Google Scholar
  15. 15.
    Lovat, E.: Cross-layer Data-centric Usage Control. Ph.D. thesis, Technische Univesität München (2015)Google Scholar
  16. 16.
    Lovat, E., Fromm, A., Mohr, M., Pretschner, A.: SHRIFT system-wide hybrid information flow tracking. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 371–385. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-18467-8_25CrossRefGoogle Scholar
  17. 17.
    Lovat, E., Ochoa, M., Pretschner, A.: Sound and precise cross-layer data flow tracking. Technical Report TUM-I1629, Technische Universität München, January 2016.
  18. 18.
    Muniswamy-Reddy, K., Braun, U., Holland, D.A., Macko, P., Maclean, D., Margo, D., Seltzer, M., Smogor, R.: Layering in provenance systems. In: USENIX (2009)Google Scholar
  19. 19.
    Pretschner, A., Lovat, E., Büchler, M.: Representation-independent data usage control. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 122–140. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  20. 20.
    Rasthofer, S., Arzt, S., Lovat, E., Bodden, E.: Droidforce: Enforcing complex, data-centric, system-wide policies in android. In: ARES (2014)Google Scholar
  21. 21.
    Smith, G.: On the foundations of quantitative information flow. In: Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: ACM SIGARCH (2004)Google Scholar
  23. 23.
    Volpano, D.: Safety versus secrecy. In: Cortesi, A., Filé, G. (eds.) SAS 1999. LNCS, vol. 1694, p. 303. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  24. 24.
    Volpano, D., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  25. 25.
    Wüchner, T., Pretschner, A.: Data loss prevention based on data-driven usage control. In: 23rd IEEE International Symposium on Software Reliability Engineering (ISSRE), pp. 151-160, November 2012Google Scholar
  26. 26.
    Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: CCS (2007)Google Scholar
  27. 27.
    Zhang, Q., McCullough, J., Ma, J., Schear, N., Vrable, M., Vahdat, A., Snoeren, A.C., Voelker, G.M., Savage, S.: Neon: System support for derived data management. SIGPLAN Not. 45(7), 63–74 (2010)Google Scholar
  28. 28.
    Zhu, Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: Privacy scope: A precise information flow tracking system for finding application leaks. Technical Report UCB/EECS-2009-145, EECS Department, University of California, Berkeley, October 2009Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Enrico Lovat
    • 1
  • Martín Ochoa
    • 2
  • Alexander Pretschner
    • 1
  1. 1.Technische Universität MünchenMunichGermany
  2. 2.Singapore University of Technology and DesignSingaporeSingapore

Personalised recommendations