2014 IEEE 27th Computer Security Foundations Symposium 2014
DOI: 10.1109/csf.2014.13
|View full text |Cite
|
Sign up to set email alerts
|

On Dynamic Flow-Sensitive Floating-Label Systems

Abstract: Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of the IFC monitor, by rejecting fewer runs of programs, and to reduce the burden of explicit label annotations. However, adding flow-sensitive constructs (e.g., references or files) to a dynamic IFC system is subtle and may also introduce high-bandwidth covert channels. In this … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
5

Citation Types

2
23
0

Year Published

2015
2015
2019
2019

Publication Types

Select...
3
2

Relationship

0
5

Authors

Journals

citations
Cited by 19 publications
(25 citation statements)
references
References 40 publications
2
23
0
Order By: Relevance
“…This allows us to allocate a low block in high context, knowing that at the end of the high context access to these blocks will only be possible through high pointers; this invariant is a cornerstone of our noninterference proof ( §8.4). This is more permissive than the reference allocation rule of Buiras et al (2014), which can only use "the current label" (roughly analogous to our pc label) as "the label on the reference label" (analogous to our block label). We return to the fresh m .…”
Section: Permissive Flow-sensitive Memory Updatesmentioning
confidence: 99%
See 4 more Smart Citations
“…This allows us to allocate a low block in high context, knowing that at the end of the high context access to these blocks will only be possible through high pointers; this invariant is a cornerstone of our noninterference proof ( §8.4). This is more permissive than the reference allocation rule of Buiras et al (2014), which can only use "the current label" (roughly analogous to our pc label) as "the label on the reference label" (analogous to our block label). We return to the fresh m .…”
Section: Permissive Flow-sensitive Memory Updatesmentioning
confidence: 99%
“…Similarly, this ensures that no program can vary a pointer based on secrets and then use that pointer to do a store to a block with a public block label, since that block can potentially also be accessible via public pointers that can observe the stored value or its label. This is analogous to one of the checks performed for the upgrade operation of Buiras et al (2014) (upgrade is further discussed below); perhaps surprisingly this it the only check we need for our Store instruction.…”
Section: Permissive Flow-sensitive Memory Updatesmentioning
confidence: 99%
See 3 more Smart Citations