DOI: 10.1145/2508859.2516677
Research article

Preventing accidental data disclosure in modern operating systems

Published: 04 November 2013

Abstract

Modern OSes such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. Tasks are often completed by stringing together a collection of purpose-specific user applications (e.g., a barcode reader, a social networking app, a document viewer). As users direct this workflow between applications, it is difficult to predict the consequence of each step. Poor selection may result in accidental information disclosure when the target application unknowingly uses cloud services. This paper presents Aquifer as a policy framework and system for preventing accidental information disclosure in modern operating systems. In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task. In doing so, Aquifer provides protection beyond simple permission checks and allows applications to retain control of data even after it is shared.
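
The abstract's central claim is that a permission check at the exporting app is not enough, because the app that finally touches the network may be several hops down a user-driven workflow from the app that cares about the data. The toy model below is an added illustration written for this page; it is not the Aquifer implementation or the paper's API. It assumes (these assumptions are not from the page) that a user task is a sequence of app hops, that an app may attach a hypothetical "export" restriction naming the apps allowed to send the data off-device, that restrictions accumulate along the workflow and combine by intersection so a later hop can only tighten them, and that only the app that attached a restriction may lift it. The scenario (bank app, offline OCR app, cloud-syncing viewer, and the package names) is constructed.

```python
"""Toy model of workflow-scoped secrecy restrictions (added example, not Aquifer code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class ExportRestriction:
    owner: str                  # app that attached the restriction (hypothetical field)
    exporters: FrozenSet[str]   # apps allowed to send the labelled data to the network


@dataclass
class WorkflowLabel:
    """Label that travels with the data for the life of the user task."""
    restrictions: List[ExportRestriction] = field(default_factory=list)

    def add(self, r: ExportRestriction) -> None:
        self.restrictions.append(r)

    def remove(self, requester: str, r: ExportRestriction) -> bool:
        # Only the app that attached a restriction may drop it.
        if r.owner != requester or r not in self.restrictions:
            return False
        self.restrictions.remove(r)
        return True

    def allowed_exporters(self) -> Optional[FrozenSet[str]]:
        """Intersection of all restrictions; None means the label is unrestricted."""
        allowed = None
        for r in self.restrictions:
            allowed = r.exporters if allowed is None else allowed & r.exporters
        return allowed


def permission_model_allows_export(app: str, permissions: Dict[str, set]) -> bool:
    """Conventional check: does the exporting app hold an INTERNET permission?"""
    return "INTERNET" in permissions.get(app, set())


def workflow_model_allows_export(app: str, label: WorkflowLabel) -> bool:
    """Workflow check: every restriction carried by the data must list this app."""
    allowed = label.allowed_exporters()
    return allowed is None or app in allowed


# Constructed sample manifest data for three apps in the workflow.
PERMISSIONS = {
    "com.example.bank":   {"INTERNET", "CAMERA"},
    "com.example.viewer": {"INTERNET"},   # document viewer that syncs to a cloud service
    "com.example.ocr":    set(),          # offline OCR app
}


def run_scenario() -> Dict[str, Tuple[bool, bool]]:
    """Walk a bank -> OCR -> viewer -> bank workflow.

    Returns, per hop, (permission-model decision, workflow-model decision)
    for the question "may this app send the data to the network?".
    """
    label = WorkflowLabel()
    decisions: Dict[str, Tuple[bool, bool]] = {}

    def decide(hop: str, app: str) -> None:
        decisions[hop] = (permission_model_allows_export(app, PERMISSIONS),
                          workflow_model_allows_export(app, label))

    # Hop 1: the bank app captures a check image and restricts export to itself.
    bank_rule = ExportRestriction("com.example.bank", frozenset({"com.example.bank"}))
    label.add(bank_rule)
    decide("com.example.bank", "com.example.bank")

    # Hop 2: the user sends the image to the offline OCR app; it adds no restriction.
    decide("com.example.ocr", "com.example.ocr")

    # Hop 3: the user opens the OCR output in the viewer. The permission model sees
    # INTERNET and allows the cloud sync (accidental disclosure); the workflow model
    # still sees the bank's restriction on the data and denies it.
    decide("com.example.viewer", "com.example.viewer")

    # The viewer cannot strip a restriction it does not own.
    if label.remove("com.example.viewer", bank_rule):
        raise RuntimeError("non-owner removed a restriction")

    # Hop 4: the data returns to the bank app, which may still export it and may
    # lift its own rule; only then is the viewer allowed to export.
    decide("return-to-bank", "com.example.bank")
    label.remove("com.example.bank", bank_rule)
    decide("viewer-after-release", "com.example.viewer")
    return decisions


if __name__ == "__main__":
    for hop, (perm, wf) in run_scenario().items():
        print(f"{hop:22} permission-check={perm!s:5} workflow-check={wf}")
```

The third hop is the one the abstract is about: the viewer passes the permission check but fails the workflow check, because the label it inherited still carries the bank app's restriction. The fourth hop shows the other half of the claim, that the originating app retains control (only it can release the restriction) even after the data has been handed to two other apps.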




        Published In

        cover image ACM Conferences
        CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
        November 2013
        1530 pages
        ISBN:9781450324779
        DOI:10.1145/2508859
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. access control
        2. information flow control
        3. os security


        Acceptance Rates

        CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
        Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

        Cited By

        • (2024) Practical Integrity Validation in the Smart Home with HomeEndorser. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 207-218. DOI 10.1145/3643833.3656116. Published 27 May 2024.
        • (2024) A Module-Level Configuration Methodology for Programmable Camouflaged Logic. ACM Transactions on Design Automation of Electronic Systems 29(2), pp. 1-31. DOI 10.1145/3640462. Published 14 Feb 2024.
        • (2023) Impact of Information Leakage and Conserving Digital Privacy. Malware Analysis and Intrusion Detection in Cyber-Physical Systems, ch. 8, pp. 166-188. DOI 10.4018/978-1-6684-8666-5.ch008. Published 30 Jun 2023.
        • (2023) A permission-carrying security policy and static enforcement for information flows in Android programs. Computers and Security 126(C). DOI 10.1016/j.cose.2022.103090. Published 15 Feb 2023.
        • (2022) Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters. IEEE Transactions on Mobile Computing 21(1), pp. 76-92. DOI 10.1109/TMC.2020.3000852. Published 1 Jan 2022.
        • (2021) SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing. Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, pp. 175-186. DOI 10.1145/3450569.3463567. Published 11 Jun 2021.
        • (2021) Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques. ACM Transactions on Privacy and Security 24(3), pp. 1-37. DOI 10.1145/3439802. Published 9 Feb 2021.
        • (2020) Security in Centralized Data Store-based Home Automation Platforms. ACM Transactions on Cyber-Physical Systems 5(1), pp. 1-27. DOI 10.1145/3418286. Published 30 Dec 2020.
        • (2020) Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses. 2020 IEEE Symposium on Security and Privacy (SP), pp. 482-499. DOI 10.1109/SP40000.2020.00062. Published May 2020.
        • (2019) Entrust. Proceedings of the 28th USENIX Conference on Security Symposium, pp. 567-584. DOI 10.5555/3361338.3361378. Published 14 Aug 2019.
