Spelling suggestions: "subject:"forminformation low control"" "subject:"forminformation low coontrol""
1 |
Protection against malicious JavaScript using hybrid flow-sensitive information flow monitoringSayed, Bassam 02 March 2016 (has links)
Modern web applications use several third-party JavaScript libraries to achieve higher levels of engagement. The third-party libraries range from utility libraries such as jQuery to libraries that provide services such as Google Analytics and context- sensitive advertisement. These third-party libraries have access to most (if not all) the elements of the displayed webpage. This allows malicious third-party libraries to perform attacks that steal information from the end-user or perform an action without the end-user consent. These types of attacks are the stealthiest and the hardest to defend against, because they are agnostic to the browser type and platform of the end-user and at the same time they rely on web standards when performing the attacks. Such kind of attacks can perform actions using the victim’s browser without her permission. The nature of such actions can range from posting an embarrassing message on the victim’s behalf over her social network account, to performing online biding using the victim’s account. This poses the need to develop effective mechanisms for protecting against client-side web attacks that mainly target the end-user. In the proposed research, we address the above challenges from information flow monitoring perspective by developing a framework that restricts the flow of information on the client-side to legitimate channels. The proposed model tracks sensitive information flow in the JavaScript code and prevents information leakage from happening. The main component of the framework is a hybrid flow-sensitive security monitor that controls, at runtime, the dissemination of information flow and its inlining. The security monitor is hybrid as it combines both static analysis and runtime monitoring of the running JavaScript program. We provide the soundness proof of the model with respect to termination-insensitive non-interference security policy and develop a new security benchmark to establish experimentally its effectiveness in detecting and preventing illicit information flow. When applied to the context of client-side web-based attacks, the proposed model provides a more secure browsing environment for the end-user. / Graduate
|
2 |
Protecting sensitive information from untrusted codeRoy, Indrajit 13 December 2010 (has links)
As computer systems support more aspects of modern life, from finance to health care, security is becoming increasingly important. However, building secure systems remains a challenge. Software continues to
have security vulnerabilities due to reasons ranging from programmer
errors to inadequate programming tools. Because of these
vulnerabilities we need mechanisms that protect sensitive data
even when the software is untrusted.
This dissertation shows that secure and practical frameworks can be built
for protecting users' data from untrusted applications in both desktop
and cloud computing environment.
Laminar is a new framework that secures desktop applications by
enforcing policies written as information flow rules. Information flow control, a form of mandatory access control, enables programmers to write powerful, end-to-end security guarantees while reducing
the amount of trusted code. Current programming abstractions and implementations of this model either compromise end-to-end security guarantees or require substantial modifications to applications, thus deterring adoption. Laminar addresses these shortcomings by exporting
a single set of abstractions to control information flows through
operating system resources and heap-allocated objects. Programmers express security policies by labeling data and represent access restrictions on code using a new abstraction called a security region.
The Laminar programming model eases incremental deployment, limits dynamic security checks, and supports multithreaded programs that can access
heterogeneously labeled data.
In large scale, distributed computations safeguarding information requires solutions beyond mandatory access control. An important challenge is to ensure that the computation, including its output,
does not leak sensitive information about the inputs. For untrusted code, access control cannot guarantee that the output does not leak information. This dissertation proposes Airavat, a MapReduce-based system which augments mandatory access control with differential privacy to guarantee security and privacy for distributed computations. Data providers control the security policy for their sensitive data, including a mathematical bound on potential privacy violations. Users without security expertise can perform computations
on the data; Airavat prevents information leakage beyond the data
provider's policy. Our prototype implementation of Airavat
demonstrates that several data mining tasks can be performed in a
privacy preserving fashion with modest performance overheads. / text
|
3 |
Desclasificación basada en tipos en DART: Implementación y elaboración de herramientas de inferenciaMeneses Cortés, Matías Ignacio January 2018 (has links)
Ingeniero Civil en Computación / La protección de la confidencialidad de la información manipulada por los programas computacionales es abordada a nivel del código fuente con distintas técnicas. Una de ellas es tipado de seguridad para el control de flujo, que controla el nivel de seguridad donde fluye la información agregando anotaciones a las variables tipadas.
La propiedad de seguridad fundamental de control de flujo es conocida como no-interferencia (noninterference), que establece que un observador público no puede obtener conocimiento desde datos confidenciales. A pesar de ser una propiedad muy atractiva, los sistemas reales la vulneran fácilmente, y necesitan mecanismos para desclasificar selectivamente alguna información.
En esta dirección, Cruz et al. proponen una forma de desclasificación basada en tipos (type-based declassification), en donde se utilizan las relaciones de subtipos del lenguaje para expresar las políticas de desclasificación de los datos que maneja el programa, en una forma simple y expresiva.
A pesar de que el fundamento teórico de la desclasificación basada en tipos está bien descrito, carece de una implementación que permita comprobar la utilidad práctica de la propuesta. En este trabajo, se implementa el análisis de la desclasificación basada en tipos para un subconjunto del lenguaje Dart, un lenguaje de programación de propósito general orientado a objetos desarrollado por Google.
Además, se implementó un sistema de inferencia de políticas de desclasificación y una extensión para ambientes de desarrollo, con el objetivo de facilitar el trabajo al programador y mejorar su experiencia.
|
4 |
Arquitetura de aplicativos móveis com fluxo seguro de informação. / Architecture of mobile applications with information flow control.Paiva, Oscar Zibordi de 17 May 2016 (has links)
A adoção de lojas de aplicativos e Open APIs por um número crescente de empresas, muitas nem mesmo atuantes no ramo de tecnologia, revela o interesse das mesmas em exteriorizar a concepção e desenvolvimento de software corporativo. Com isso, as empresas almejam multiplicar as funcionalidades disponíveis a seus clientes, utilizando uma fração do custo e do tempo que seriam tradicionalmente gastos para fazê-lo. Ao mesmo tempo, o acesso a dados e sistemas corporativos por softwares de desenvolvedores potencialmente desconhecidos suscita preocupações de segurança, tornando-se imperativo garantir a adequação desses softwares às políticas de segurança institucionais. Entretanto, carece-se de meios automáticos capazes de garantir a mencionada adequação nas plataformas móveis, seja nos seus ambientes de execução ou em seus kits de desenvolvimento de software. Este trabalho, utilizando de ideias recentes da área de Controle de Fluxo de Informação, propõe a arquitetura de um ambiente de execução para aplicativos móveis que garante por construção a adequação dos mesmos a determinadas políticas de confidencialidade e integridade de dados, mesmo na presença de código malicioso. A praticidade de tal arquitetura é validada através da implementação de um aplicativo exemplo. Tal implementação ilustra o funcionamento dos mecanismos de segurança propostos e a compatibilidade dos mesmos a um conjunto de funcionalidades adequado ao cenário de manipulação de dados corporativos. / The adoption of application stores and Open APIs by a growing number of companies, many of them not even related to the technology business, reveals their interest in externalizing the conception and development of corporate software. By doing so, these companies expect to multiply the number of functionalities available to their customers, spending a fraction of the traditionally required time and cost. On the other hand, access to corporate data and services by software developed by potentially unknown parties raises security concerns, making it imperative to ensure the adequacy of the mentioned software to the institutional security policies. Nevertheless, there is a lack of automatic tools capable of guaranteeing the mentioned adequacy in mobile platforms, either in their runtime environments or in their software development kits. This work, using recent ideas from the Information Flow Control area, proposes the architecture of a run-time environment for mobile applications that guarantees by construction their adequacy to some confidentiality and integrity policies, even in the presence of malicious code. The practicality of this architecture is validated by the implementation of an example application. This implementation illustrates the working of the proposed security mechanisms and their compatibility to a set of functionalities relevant to the scenario of corporate data manipulation.
|
5 |
Arquitetura de aplicativos móveis com fluxo seguro de informação. / Architecture of mobile applications with information flow control.Oscar Zibordi de Paiva 17 May 2016 (has links)
A adoção de lojas de aplicativos e Open APIs por um número crescente de empresas, muitas nem mesmo atuantes no ramo de tecnologia, revela o interesse das mesmas em exteriorizar a concepção e desenvolvimento de software corporativo. Com isso, as empresas almejam multiplicar as funcionalidades disponíveis a seus clientes, utilizando uma fração do custo e do tempo que seriam tradicionalmente gastos para fazê-lo. Ao mesmo tempo, o acesso a dados e sistemas corporativos por softwares de desenvolvedores potencialmente desconhecidos suscita preocupações de segurança, tornando-se imperativo garantir a adequação desses softwares às políticas de segurança institucionais. Entretanto, carece-se de meios automáticos capazes de garantir a mencionada adequação nas plataformas móveis, seja nos seus ambientes de execução ou em seus kits de desenvolvimento de software. Este trabalho, utilizando de ideias recentes da área de Controle de Fluxo de Informação, propõe a arquitetura de um ambiente de execução para aplicativos móveis que garante por construção a adequação dos mesmos a determinadas políticas de confidencialidade e integridade de dados, mesmo na presença de código malicioso. A praticidade de tal arquitetura é validada através da implementação de um aplicativo exemplo. Tal implementação ilustra o funcionamento dos mecanismos de segurança propostos e a compatibilidade dos mesmos a um conjunto de funcionalidades adequado ao cenário de manipulação de dados corporativos. / The adoption of application stores and Open APIs by a growing number of companies, many of them not even related to the technology business, reveals their interest in externalizing the conception and development of corporate software. By doing so, these companies expect to multiply the number of functionalities available to their customers, spending a fraction of the traditionally required time and cost. On the other hand, access to corporate data and services by software developed by potentially unknown parties raises security concerns, making it imperative to ensure the adequacy of the mentioned software to the institutional security policies. Nevertheless, there is a lack of automatic tools capable of guaranteeing the mentioned adequacy in mobile platforms, either in their runtime environments or in their software development kits. This work, using recent ideas from the Information Flow Control area, proposes the architecture of a run-time environment for mobile applications that guarantees by construction their adequacy to some confidentiality and integrity policies, even in the presence of malicious code. The practicality of this architecture is validated by the implementation of an example application. This implementation illustrates the working of the proposed security mechanisms and their compatibility to a set of functionalities relevant to the scenario of corporate data manipulation.
|
6 |
Implementation Of Database Security Features Using Bit MatricesGopal, K 04 1900 (has links)
Information security is of utmost concern in a multiuser environment. The importance of security is felt much more with the widespread use of distributed database. Information is by itself a critical resource of an enterprise and thus the successful operation of an enterprise demands that data be made accessible only by authorized users and that the data be made to reflect the state of the enterprise.
Since many databases are online, accessed by multiple users concurrently, special mechanisms are needed to insure integrity and security of relevant information, This thesis describes a model for computer database security that supports a wide variety of security policies.
The terms security policies and security mechanism are presented in Chapter I. The interrelated topics of security and integrity are discussed in some detail. The importance and means of insuring security of information is also presented in this chapter.
In Chapter 2, the work done In the field of Computer Security and related topic has been presented. In general computer security models could be classified broadly under the two categories.
(1) Models based on Access Control Matrix and
(2) Models based on Information Flow Control.
The development of the models baaed on the above two schemes as also the policies supported by some of the schemes are presented in this chapter.
A brief description of the work carried out in database security as aim the definition of related terns are given in Chapter 3. The interrelationship between the operating system security and database security is also presented in this chapter. In general the database security mechanism depends on the existing operating system. The database security mechanism are thus only as strong as the underlying operating system on which it is developed. The various schemes used for implementing database security such as access controller and capability lists are described in this chapter.
In Chapter 4, a model for database security has been described. The model provides for:
(a) Delegation of access rights by a user and
(b) Revocation of access rights previously granted by a user.
In addition, algorithms for enforcing context dependent and content dependent rules are provided in this cheer. The context-dependent rules are stored in the form of elements of a bit matrix. Context-dependent rules could then be enforced by suitably manipulating the bit matrix and interpreting the value of me elements of the matrix, The major advantage of representing the rules using bit matrices is that the matrix itself could be maintalnet3 in main memory. The time taken to examine if a user is authorized to access an object is drastically reduced because of the reduced time required to inspect main memory. The method presented in this chapter, in addition to reducing the time requirement for enforcing security also presents a method for enforcing decentralized authorization control, a facility that is useful in a distributed database environment.
Chapter 5 describes a simulation method that is useful for comparing the various security schemes. The tasks involved in the simulation are –
1. Creation of an arrival (job).
2. Placing the incoming job either in the wait queue or in the run state depending on the type of access needed for: the object.
3. Checking that the user on whose behalf the job is being executed is authorized to access the object in the mode requested.
4. Checking for the successful completion of the job and termination of the job.
5. Collection of important parameters such as number of jobs processed, average connect time.
Simulation was carried out for timing both the access controller scheme and bit matrix scheme, The results of the simulation run bear the fact that the bit matrix scheme provides a faster method Six types of access were assumed to be permissible, three of the access types requiring shared lock and the rest requiring exclusive locks on the objects concerned, In addition the only type of operation allowed was assumed to be for accessing the objects.
It is be noted that the time taken to check for security violation is but one of the factors for rating the security system. In general, various other factors such as cost of implementing the security system, the flexibility that offers enforcing security policies also have to be taken into account while comparing the security systems.
Finally, in Chapter 6, a comparison of the security schemes are made. In conclusion the bit matrix approach is seen to provide the following features.
(a) The time required to check if an access request should be honoured is very small.
(b) The time required to find a11 users accessing an object viz, accountability is quite small.
(c) The time required to find all objects accessible by a user is also quite small.
(dl The scheme supports both decentralized and centralized authorization control.
(e) Mechanism for enforcing delegation of access rights and revocation of access rights could be built in easily.
( f ) The scheme supports content-dependent, context-dependent controls and also provides a means for enforcing history-dependent control.
Finally, some recommendations for further study in the field of Computer Database Security are presented.
|
7 |
Suivi de flux d'information correct pour les systèmes d'exploitation Linux / Correct information flow tracking for Linux operating systemsGeorget, Laurent 28 September 2017 (has links)
Nous cherchons à améliorer l'état de l'art des implémentations de contrôle de flux d'information dans les systèmes Linux. Le contrôle de flux d'information vise à surveiller la façon dont l'information se dissémine dans le système une fois hors de son conteneur d'origine, contrairement au contrôle d'accès qui ne peut permettre d'appliquer des règles que sur la manière dont les conteneurs sont accédés. Plusieurs défis scientifiques et techniques se sont présentés. Premièrement, la base de code Linux est particulièrement grande, avec quinze millions de lignes de code réparties dans trente-mille fichiers. La première contribution de cette thèse a été un plugin pour le compilateur GCC permettant d'extraire et visualiser aisément les graphes de flot de contrôle des fonctions du noyau. Ensuite, le framework des Linux Security Modules qui est utilisé pour implémenter les moniteurs de flux d'information que nous avons étudiés (Laminar [1], KBlare [2] et Weir [3]) a été conçu en premier lieu pour le contrôle d'accès, et non de flux. La question se pose donc de savoir si le framework est implémenté de telle sorte à permettre la capture de tous les flux produits par les appels système. Nous avons créé et implémenté une analyse statique permettant de répondre à ce problème. Cette analyse statique est implémenté en tant que plugin GCC et nous a permis d'améliorer le framework LSM pour capturer tous les flux. Enfin, nous avons constaté que les moniteurs de flux actuels n'étaient pas résistants aux conditions de concurrence entre les flux et ne pouvaient pas traiter certains canaux ouverts tels que les projections de fichiers en mémoire et les segments de mémoire partagée entre processus. Nous avons implémenté Rfblare, un nouvel algorithme de suivi de flux, pour KBlare, dont nous avons prouvé la correction avec Coq. Nous avons ainsi montré que LSM pouvait être utilisé avec succès pour implémenter le contrôle de flux d'information, et que seules les méthodes formelles, permettant la mise en œuvre de méthodologie, d'analyses ou d'outils réutilisables, permettaient de s'attaquer à la complexité et aux rapides évolutions du noyau Linux. / We look forward to improving the implementations of information flow control mechanisms in Linux Operating Systems. Information Flow Control aims at monitoring how information disseminates in a system once it is out of its original container, unlike access control which can merely apply rule on how the containers are accessed. We met several scientific and technical challenges. First of all, the Linux codebase is big, over fifteen millions lines of code spread over thirty three thousand files. The first contribution of this thesis is a plugin for the GCC compiler able to extract and let a user easily visualize the control flow graphs of the Linux kernel functions. Secondly, the Linux Security Modules framework which is used to implement the information flow trackers we have reviewed (Laminar, KBlare, and Weir) was designed in the first place to implement access control, rather than information flow control. One issue is thus left open: is the framework implemented in such a way that all flows generated by system calls can be captured? We have created and implemented static analysis to address this problem and proved its correction with the Coq proof assistant system. This analysis is implemented as a GCC plugin and have allowed us to improve the LSM framework in order to capture all flows. Finally, we have noted that current information flow trackers are vulnerable to race conditions between flows and are unable to cover some overt channels of information such as files mapping to memory and shared memory segments between processes. We have implemented Rfblare, a new algorithm of flow tracking, for KBlare. The correction of this algorithm has been proved with Coq. We have showed that LSM can be used successfully to implement information flow control, and that only formal methods, leading to reusable methodology, analysis, tools, etc., are a match for the complexity and the fast-paced evolution of the Linux kernel.
|
8 |
Construction de systèmes répartis sécurisés à base de composants / Tools' design and development for building secure component-based distributed systemsYoussef, Lilia 12 May 2012 (has links)
L'objectif de ce travail est de fournir des modèles et outils pour simplifier la construction des systèmes distribués à base de composants sécurisés, ainsi que la gestion des propriétés de sécurité, en utilisant des outils de haut niveau d'abstraction pour la configuration et la reconfiguration dynamique. En plus des propriétés d'accessibilité et de communications sécurisées classiques, nous focalisons notre travail sur une propriété des systèmes répartis plus générale : la non-interférence. Cette propriété atteste qu'il ne doit pas y avoir de flux d'information entre des parties publiques et privées du système. Ce qui implique le suivi de l'acheminement de l'information entre les différentes composantes du système distribué. Notre objectif principal est donc de proposer un modèle, accompagné d'un ensemble d'outils, garantissant la propriété de la non-interférence à la construction du système, et ce à une plus grosse granularité : celle des composants. Ces outils permettent de (1) configurer les paramètres de sécurité des composants et des liaisons entre eux, (2) vérifier la propriété de non-interférence dans le code d'un composant et entre les différents composants du système et (3) générer automatiquement le code nécessaire pour appliquer ces propriétés de sécurité. D'autre part, nous proposons une architecture permettant de vérifier dynamiquement la propriété de non-interférence dans un système réparti. / The goal of this thesis is to provide models and tools to simplify secured component-based distributed systems' construction and the management of their security properties, by using high-level tools for dynamic configuration and reconfiguration. In addition to the classic properties of accessibility and secured communications, we focus on a more general security property of distributed systems : the non-interference. This property says that there mustn't be information flow between secret and public parts of the system ; which requires information flow control across the system. Our main objective is to propose a model and set of tools guarantying the non-interference property at compiletime, and at a bigger granularity : the components. These tools are (1) tools for configuring security parameters of components and binding between components, (2) a compiler checking the non-interference property, and (3) tools for automatic generation of code assuring these security properties. On the other hand, we present an architecture enabling a dynamic verification of the non-interference property in a distributed system.
|
9 |
Language-Based Techniques for Policy-Agnostic Oblivious ComputationQianchuan Ye (18431691) 28 April 2024 (has links)
<p dir="ltr">Protecting personal information is growing increasingly important to the general public, to the point that major tech companies now advertise the privacy features of their products. Despite this, it remains challenging to implement applications that do not leak private information either directly or indirectly, through timing behavior, memory access patterns, or control flow side channels. Existing security and cryptographic techniques such as secure multiparty computation (MPC) provide solutions to privacy-preserving computation, but they can be difficult to use for non-experts and even experts.</p><p dir="ltr">This dissertation develops the design, theory and implementation of various language-based techniques that help programmers write privacy-critical applications under a strong threat model. The proposed languages support private structured data, such as trees, that may hide their structural information and complex policies that go beyond whether a particular field of a record is private. More crucially, the approaches described in this dissertation decouple privacy and programmatic concerns, allowing programmers to implement privacy-preserving applications modularly, i.e., to independently develop application logic and independently update and audit privacy policies. Secure-by-construction applications are derived automatically by combining a standard program with a separately specified security policy.</p><p><br></p>
|
10 |
From qualitative to quantitative program analysis : permissive enforcement of secure information flow / Approches qualitatives et quantitatives d'analyse de programmes : mise en oeuvre permissive de flux d’information sécurisésAssaf, Mounir 06 May 2015 (has links)
De nos jours, les ordinateurs sont omniprésents. Tous ces ordinateurs stockent et manipulent de l'information, parfois sensible, d'où l'intérêt de protéger et de confiner la dissémination de cette information. Les mécanismes de contrôle de flux d'information permettent justement d'analyser des programmes manipulant de l'information sensible, afin de prévenir les fuites d'information. Les contributions de cette thèse incluent des techniques d'analyse de programmes pour le contrôle de flux d'information tant qualitatif que quantitatif. Les techniques d'analyse qualitatives permettent la détection et la prévention des fuites d'information. Les techniques quantitatives permettent d'estimer ces fuites afin de décider si elles sont négligeables. / Computers have become widespread nowadays. All these computers store and process information. Often, some of this information is sensitive; hence the need to confine and control its dissemination. An important field in computer science, that is concerned about analysing programs in order to confine and control the release of sensitive information, is the information flow control field. The contributions of this thesis include program analysis techniques for qualitative and quantitative information flow control. Qualitative techniques aim at detecting and preventing information leaks. Quantitative techniques go beyong the detection of information leaks, by estimating the leakage in order to decide whether it is negligeable.
|
Page generated in 0.1389 seconds