Implementing Erasure Policies Using Taint Analysis

  • Filippo Del Tedesco
  • Alejandro Russo
  • David Sands
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7127)

Abstract

Security or privacy-critical applications often require access to sensitive information in order to function. But in accordance with the principle of least privilege – or perhaps simply for legal compliance – such applications should not retain said information once it has served its purpose. In such scenarios, the timely disposal of data is known as an information erasure policy. This paper studies software-level information erasure policies for the data manipulated by programs. The paper presents a new approach to the enforcement of such policies. We adapt ideas from dynamic taint analysis to track how sensitive data sources propagate through a program and erase them on demand. The method is implemented for Python as a library, with no modifications to the runtime system. The library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.

Keywords

Usage Control Police Agent Runtime System Taint Analysis Locker System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The Perl programming language, http://www.perl.org/
  2. 2.
    Bekman, S., Cholet, E.: Practical mod_perl. O’Reilly and Associates (2003)Google Scholar
  3. 3.
    Chong, S., Myers, A.C.: Language-based information erasure. In: Proc. IEEE Computer Security Foundations Workshop, pp. 241–254 (June 2005)Google Scholar
  4. 4.
    Chong, S.: Expressive and Enforceable Information Security Policies. Ph.D. thesis, Cornell University (August 2008)Google Scholar
  5. 5.
    Chong, S., Myers, A.C.: End-to-end enforcement of erasure and declassification. In: CSF 2008: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium, pp. 98–111. IEEE Computer Society, Washington, DC (2008)CrossRefGoogle Scholar
  6. 6.
    Conti, J.J., Russo, A.: A taint mode for python via a library. OWASP AppSec Research (2010)Google Scholar
  7. 7.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Comm. of the ACM 20(7), 504–513 (1977)CrossRefMATHGoogle Scholar
  8. 8.
    Futoransky, A., Gutesman, E., Waissbein, A.: A dynamic technique for enhancing the security and privacy of web applications. In: Black Hat USA Briefings (August 2007)Google Scholar
  9. 9.
    Gutmann, P.: Data remanence in semiconductor devices. In: SSYM 2001: Proceedings of the 10th Conference on USENIX Security Symposium, pp. 4–4. USENIX Association, Berkeley (2001)Google Scholar
  10. 10.
    Haldar, V., Chandra, D., Franz, M.: Dynamic Taint Propagation for Java. In: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 303–311 (2005)Google Scholar
  11. 11.
    Hansen, R.R., Probst, C.W.: Non-interference and erasure policies for java card bytecode. In: 6th International Workshop on Issues in the Theory of Security, WITS 2006 (2006)Google Scholar
  12. 12.
    Hunt, S., Sands, D.: Just Forget it – The Semantics and Enforcement of Information Erasure. In: Gairing, M. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 239–253. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In: 2006 IEEE Symposium on Security and Privacy, pp. 258–263. IEEE Computer Society (2006)Google Scholar
  14. 14.
    Kozlov, D., Petukhov, A.: Implementation of Tainted Mode approach to finding security vulnerabilities for Python technology. In: Proc. of Young Researchers’ Colloquium on Software Engineering (SYRCoSE) (June 2007)Google Scholar
  15. 15.
    Lutz, M.: Learning Python. O’Reilly & Associates, Inc., Sebastopol (2003)MATHGoogle Scholar
  16. 16.
    Newsome, J., McCamant, S., Song, D.: Measuring channel capacity to distinguish undue influence. In: PLAS 2009: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, pp. 73–85. ACM (2009)Google Scholar
  17. 17.
    Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: 20th IFIP International Information Security Conference, pp. 372–382 (2005)Google Scholar
  18. 18.
    Pretschner, A., Hilty, M., Basin, D., Schaefer, C., Walter, T.: Mechanisms for usage control. In: ASIACCS 2008: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 240–244. ACM, New York (2008)CrossRefGoogle Scholar
  19. 19.
    Russo, A., Sabelfeld, A., Li, K.: Implicit flows in malicious and nonmalicious code. Marktoberdorf Summer School. IOS Press (2009)Google Scholar
  20. 20.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  21. 21.
    Sabelfeld, A., Myers, A.C.: A Model for Delimited Information Release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Seo, J., Lam, M.S.: InvisiType: Object-Oriented Security Policies. In: 17th Annual Network and Distributed System Security Symposium, Internet Society, ISOC (February 2010)Google Scholar
  23. 23.
    Del Tedesco, F., Sands, D.: A user model for information erasure. In: 7th International Workshop on Security Issues in Concurrency, SecCo 2009. Electronic Proceedings in Theoretical Computer Science (2009)Google Scholar
  24. 24.
    Thomas, D., Fowler, C., Hunt, A.: Programming Ruby. The Pragmatic Programmer’s Guide. Pragmatic Programmers (2004)Google Scholar
  25. 25.
    Volpano, D.: Safety Versus Secrecy. In: Cortesi, A., Filé, G. (eds.) SAS 1999. LNCS, vol. 1694, pp. 303–311. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  26. 26.
    Zhao, B., Sandhu, R., Zhang, X., Qin, X.: Towards a Times-Based Usage Control Model. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 227–242. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Filippo Del Tedesco
    • 1
  • Alejandro Russo
    • 1
  • David Sands
    • 1
  1. 1.Chalmers University of TechnologyGöteborgSweden

Personalised recommendations