DOI: 10.1145/1854099.1854107
research-article

Towards a system-wide and transparent security mechanism using language-level information flow control

Published: 07 September 2010

Abstract

Operating systems try to provide secure platforms using security mechanisms such as DAC and MAC. Even so, confidentiality is not fully guaranteed once information flows within a program's memory space. Programming-language-level security techniques have therefore been introduced to provide secure information flow inside programs. Existing language-level work is problematic, however, because its information flow policies have not been integrated with the security policies of the underlying system. In this paper we propose a dynamic solution for tracking and enforcing information flow policies inside the Java framework that is integrated with a trusted operating system, namely SELinux. Our solution works at the level of the JVM's internal structure and requires no modification to the Java programming language. Experimental results show a bearable runtime overhead on running programs.



Published In

SIN '10: Proceedings of the 3rd international conference on Security of information and networks
September 2010
286 pages
ISBN: 9781450302340
DOI: 10.1145/1854099

Sponsors

  • Microsoft
  • RFBR: Russian Foundation for Basic Research

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. information flow
  2. language-level information flow
  3. mandatory access control
  4. system-wide security

Qualifiers

  • Research-article

Conference

SIN '10
Sponsor:
  • Microsoft
  • RFBR
SIN '10: 3rd International Conference of Security of Information and Networks
September 7 - 11, 2010
Rostov-on-Don, Taganrog, Russian Federation

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%


Cited By

  • (2023) MirrorTaint: Practical Non-Intrusive Dynamic Taint Tracking for JVM-Based Microservice Systems. Proceedings of the 45th International Conference on Software Engineering, pp. 2514-2526. DOI: 10.1109/ICSE48619.2023.00210. Online publication date: 14-May-2023
  • (2014) Phosphor. ACM SIGPLAN Notices, 49:10, pp. 83-101. DOI: 10.1145/2714064.2660212. Online publication date: 15-Oct-2014
  • (2014) Phosphor. Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, pp. 83-101. DOI: 10.1145/2660193.2660212. Online publication date: 15-Oct-2014
  • (2013) ShadowData. Proceedings of the 11th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pp. 17-24. DOI: 10.1145/2462029.2462032. Online publication date: 20-Jun-2013
  • (2013) Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine. 16th IEEE International Symposium on Object/component/service-oriented Real-time distributed Computing (ISORC 2013), pp. 1-7. DOI: 10.1109/ISORC.2013.6913208. Online publication date: Jun-2013
