Elsevier

Computers & Security

Volume 108, September 2021, 102349

A Field-Sensitive Security Monitor for Object-Oriented Programs

https://doi.org/10.1016/j.cose.2021.102349
Open access, under a Creative Commons license

Abstract

In this paper, we propose a sound method to synthesize a permissive monitor using boolean supervisory controller synthesis. The monitor observes a Java program at certain checkpoints, predicts information flow violations and applies suitable countermeasures to prevent them. We introduce an approach for modeling the heap and the information flows that pass through it. To improve permissiveness, we train the monitor and remove false positives by executing the program together with its executable model. If a security violation is detected, the user can define sound countermeasures, including declassification, to apply at the checkpoints. We prove that the monitored program ensures localized delimited release when information is declassified and termination-insensitive noninterference when nothing is declassified. We implement a tool that automates the whole process and generates the monitor. Our method is evaluated by applying it to the DroidBench benchmark and to one real-life Android application.
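
The following added example (not the paper's tool or model) illustrates the core idea the abstract names: a checkpoint monitor that tracks a security label per heap field rather than per object, and that can either block a flow or apply a user-defined declassification countermeasure. The program, labels and policy are constructed here for illustration; the monitor handles only explicit flows at checkpoints, not the full synthesis described in the paper.

```python
HIGH, LOW = "H", "L"

class Obj:
    """A heap object whose fields each carry a value and a security label."""
    def __init__(self, **fields):
        self.fields = dict(fields)  # name -> (value, label)

class Monitor:
    def __init__(self, field_sensitive=True, releasable=()):
        self.field_sensitive = field_sensitive
        # fields the (constructed) policy allows to be declassified at a checkpoint
        self.releasable = set(releasable)
        self.log = []  # (decision, field) pairs, useful for auditing the monitor

    def label_of(self, obj, name):
        if self.field_sensitive:
            return obj.fields[name][1]
        # field-insensitive view: one label per object, the join of all its fields,
        # so any HIGH field taints every read of the object
        return HIGH if any(l == HIGH for _, l in obj.fields.values()) else LOW

    def checkpoint(self, obj, name, sink=LOW):
        """Called before obj.<name> flows to a sink; returns the value to emit,
        or None when the flow is blocked as a countermeasure."""
        value, _ = obj.fields[name]
        if self.label_of(obj, name) == LOW or sink == HIGH:
            self.log.append(("allow", name))
            return value
        if name in self.releasable:  # declassification countermeasure
            self.log.append(("declassify", name))
            return value
        self.log.append(("block", name))  # suppress the leak
        return None

def run_program(monitor):
    """Constructed sample program: an account with a public owner and a secret PIN,
    both written to a LOW sink (e.g. a log line) through the monitor's checkpoints."""
    acct = Obj(owner=("alice", LOW), pin=("1234", HIGH))
    emitted = [monitor.checkpoint(acct, "owner"), monitor.checkpoint(acct, "pin")]
    return emitted, monitor.log
```

With field sensitivity the public `owner` field is released and only `pin` is blocked; the field-insensitive monitor blocks both, which is the kind of false positive that field-sensitive heap modeling removes.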

Keywords

Language-based security
Information flow control
Controller synthesis
Heap modeling

Narges Khakpour has been a senior lecturer at Linnaeus University, Sweden, since 2014. She received her Ph.D. in computer science from Tarbiat Modares University, Tehran, in 2012. She was a research associate at KTH Royal Institute of Technology, Stockholm, from 2012 to 2014, and a visiting researcher at TU Braunschweig, Germany, in 2011 and at Leiden University, The Netherlands, in 2010. Her research interests include formal methods, security and self-* systems.