Runtime Enforcement of Information Flow Security in Tree Manipulating Processes

被引:0
|
作者
Kovacs, Mate [1 ]
Seidl, Helmut [1 ]
机构
[1] Tech Univ Munich, D-8000 Munich, Germany
来源
ENGINEERING SECURE SOFTWARE AND SYSTEMS | 2012年 / 7159卷
关键词
Semi-structured data; information flow control; runtime enforcement; CALCULUS; BPEL;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We consider the problem of enforcing information flow policies in XML manipulating programs such as Web services and business processes implemented in current workflow languages. We propose a runtime monitor that can enforce the secrecy of freely chosen subtrees of the data throughout the execution. The key idea is to apply a generalized constant propagation for computing the public effect of branching constructs whose conditions may depend on the secret. This allows for a better precision than runtime monitors which rely on tainting of variables or nodes alone. We demonstrate our approach for a minimalistic tree manipulating programming language and prove its correctness w.r.t. the concrete semantics of programs.
引用
收藏
页码:46 / 59
页数:14
相关论文
共 50 条
  • [1] Hybrid Static-Runtime Information Flow and Declassification Enforcement
    Rocha, Bruno P. S.
    Conti, Mauro
    Etalle, Sandro
    Crispo, Bruno
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2013, 8 (08) : 1294 - 1305
  • [2] Specification and runtime enforcement of security policies
    Jin, Ying
    Zhang, Jing
    Zheng, Xiaojuan
    2007 IFIP INTERNATIONAL CONFERENCE ON NETWORK AND PARALLEL COMPUTING WORKSHOPS, PROCEEDINGS, 2007, : 244 - +
  • [3] Static enforcement of security in runtime systems
    Pedersen, Mathias, V
    Askarov, Aslan
    2019 IEEE 32ND COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF 2019), 2019, : 335 - 350
  • [4] Runtime Enforcement of Dynamic Security Policies
    Horcas, Jose-Miguel
    Pinto, Monica
    Fuentes, Lidia
    SOFTWARE ARCHITECTURE, ECSA 2014, 2014, 8627 : 340 - 356
  • [5] Runtime Enforcement for Control System Security
    Lanotte, Ruggero
    Merro, Massimo
    Munteanu, Andrei
    2020 IEEE 33RD COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF 2020), 2020, : 246 - 261
  • [6] A modular pipeline for enforcement of security properties at runtime
    Taleb, Rania
    Halle, Sylvain
    Khoury, Raphael
    ANNALS OF TELECOMMUNICATIONS, 2023, 78 (7-8) : 429 - 457
  • [7] An Android runtime security policy enforcement framework
    Hammad Banuri
    Masoom Alam
    Shahryar Khan
    Jawad Manzoor
    Bahar Ali
    Yasar Khan
    Mohsin Yaseen
    Mir Nauman Tahir
    Tamleek Ali
    Quratulain Alam
    Xinwen Zhang
    Personal and Ubiquitous Computing, 2012, 16 : 631 - 641
  • [8] A modular pipeline for enforcement of security properties at runtime
    Rania Taleb
    Sylvain Hallé
    Raphaël Khoury
    Annals of Telecommunications, 2023, 78 : 429 - 457
  • [9] An Android runtime security policy enforcement framework
    Banuri, Hammad
    Alam, Masoom
    Khan, Shahryar
    Manzoor, Jawad
    Ali, Bahar
    Khan, Yasar
    Yaseen, Mohsin
    Tahir, Mir Nauman
    Ali, Tamleek
    Alam, Quratulain
    Zhang, Xinwen
    PERSONAL AND UBIQUITOUS COMPUTING, 2012, 16 (06) : 631 - 641
  • [10] An Android runtime security policy enforcement framework
    Security Engineering Research Group , Institute of Management Sciences, 1-A, E-5, Phase VII, Hayatabad, Peshawar, Pakistan
    不详
    Pers. Ubiquitous Comp., 6 (631-641):
12345