Implementing Erasure Policies Using Taint Analysis
Paper in proceedings, 2010

Security or privacy-critical applications often require access to sensitive information in order to function. But in accordance with the principle of least privilege – or perhaps simply for legal compliance – such applications should not retain said information once it has served its purpose. In such scenarios, the timely disposal of data is known as an information erasure policy. This paper studies software-level information erasure policies for the data manipulated by programs. The paper presents a new approach to the enforcement of such policies. We adapt ideas from dynamic taint analysis to track how sensitive data sources propagate through a program and erase them on demand. The method is implemented for Python as a library, with no modifications to the runtime system. The library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.

library

erasure

taint analysis

Author

Filippo Del Tedesco

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 7127 193-209

Subject Categories

Computer Science

DOI

10.1007/978-3-642-27937-9_14

ISBN

978-364227936-2

More information

Created

10/7/2017