On-The-Fly Inlining Of Dynamic Security Monitors
Artikel i vetenskaplig tidskrift, 2012

How do we guarantee that a piece of code, possibly originating from third party, does not jeopardize the security of the underlying application? Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels. Securing information flow in such programs remains an open challenge. Recently, considerable progress has been made on understanding dynamic monitoring for secure information flow. This paper presents a framework for inlining dynamic information-flow monitors. A novel feature of our framework is the ability to perform inlining on the fly. We consider a source language that includes dynamic code evaluation of strings whose content might not be known until runtime. To secure this construct, our inlining is done on the fly, at the string evaluation time, and, just like conventional offline inlining, requires no modification of the hosting runtime environment. We present a formalization for a simple language to show that the inlined code is secure: it satisfies a non-interference property. We also discuss practical considerations experimental results based on both manual and automatic code rewriting.

Information flow

Language-based security

Reference monitors

Inlining

Non-interference

Författare

Jonas Magazinius

Chalmers, Data- och informationsteknik, Programvaruteknik

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Andrei Sabelfeld

Chalmers, Data- och informationsteknik, Programvaruteknik

Computers and Security

0167-4048 (ISSN)

Vol. 31 827-843

Styrkeområden

Informations- och kommunikationsteknik

Fundament

Grundläggande vetenskaper

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1016/j.cose.2011.10.002