A taint marking approach to confidentiality violation detection

Autoria(s): Hauser, Christophe; Tronel, Frederic; Reid, Jason F.; Fidge, Colin J.
Contribuinte(s)

Pieprzyk, Josef

Thomborson, Clark
Data(s)

30/01/2012
Resumo

This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.
Formato

application/pdf
Identificador

http://eprints.qut.edu.au/47263/
Publicador

Australian Computer Society
Relação

http://eprints.qut.edu.au/47263/1/HauserEtAl-acsw2012.pdf

http://www.cs.rmit.edu.au/acsw2012/

Hauser, Christophe, Tronel, Frederic, Reid, Jason F., & Fidge, Colin J. (2012) A taint marking approach to confidentiality violation detection. In Pieprzyk, Josef & Thomborson, Clark (Eds.) Proceedings of the 10th Australasian Information Security Conference (AISC 2012), Australian Computer Society, RMIT University, Melbourne, VIC, pp. 83-90.

http://purl.org/au-research/grants/ARC/2006005738
Direitos

Copyright 2012, Australian Computer Society, Inc.

This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January- February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.
Fonte

School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty
Palavras-Chave #080303 Computer System Security #Computer system security #Taint analysis #Data confidentiality and integrity
Tipo

Conference Paper
Acesso ao item digital