43,233 Hits in 4.5 sec

SafeWeb: A Middleware for Securing Ruby-Based Web Applications [chapter]

Petr Hosek, Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, David Evans, Brian Shand, Jean Bacon, Peter Pietzuch
2011 Lecture Notes in Computer Science  
Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties.  ...  We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier  ...  Data") from the UK Engineering and Physical Sciences Research Council (EPSRC).  ... 
doi:10.1007/978-3-642-25821-3_25 fatcat:uow54ctyzbbvxmrvj2qhxrlbru

Analyzing Information Flow in JavaScript-Based Browser Extensions

Mohan Dhawan, Vinod Ganapathy
2009 2009 Annual Computer Security Applications Conference  
Malicious JSEs can misuse these privileges to compromise confidentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the  ...  To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges.  ...  We thank Jan Jajalla for his help with experiments, members of DiscoLab and the anonymous reviewers for their comments. This work was supported by NSF awards 0831268, 0915394 and 0931992.  ... 
doi:10.1109/acsac.2009.43 dblp:conf/acsac/DhawanG09 fatcat:2qis6oqbtzduxepgq2zh2q3zpy

Preventing Information Leaks through Shadow Executions

Roberto Capizzi, Antonio Longo, V.N. Venkatakrishnan, A. Prasad Sistla
2008 2008 Annual Computer Security Applications Conference (ACSAC)  
We describe the design and implementation of this approach for Windows applications.  ...  We address this confidentiality concern of end users by an approach called shadow execution.  ...  Data sandboxing [9] partitions a program into private and public zones based on the data handled, and enforces different confidentiality policies on these zones.  ... 
doi:10.1109/acsac.2008.50 dblp:conf/acsac/CapizziLVS08 fatcat:i7oerffd3zfn7igbkivppqwev4

A software-hardware architecture for self-protecting data

Yu-Yuan Chen, Pramod A. Jamkhedkar, Ruby B. Lee
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
lifetime enforcement of the confidentiality policies associated with the sensitive data.  ...  DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide  ...  We thank the anonymous reviewers and our shepherd, Radu Sion, for their comments which have helped to improve this paper. We also thank Si Chen for helping with the software performance measurements.  ... 
doi:10.1145/2382196.2382201 dblp:conf/ccs/ChenJL12 fatcat:nqrf6k2wdnf5lcojjxjtgon4ai

Improving Agent Quality in Dynamic Smart Cities by Implementing an Agent Quality Management Framework

Najwa Abu Bakar, Ali Selamat, Ondrej Krejcar
2019 Applied Sciences  
It is critical for quality requirements, such as trust, privacy, and confidentiality, to be fulfilled during the execution of smart city applications.  ...  This paper demonstrates the effectiveness of the approach by applying it toward a smart city application called a crowdsourced navigation system to verify and assess agent data confidentiality.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/app9235111 fatcat:haqwrh5h2rd3jadassbtnhp3sq

Extracting Conditional Confidentiality Policies

Michael Carl Tschantz, Jeannette M. Wing
2008 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods  
Sections 2 and 3 of this document includes work first published by the authors as a techincal report on February 9, 2007 [TW07].  ...  Furthermore, our analysis is the first to handle interactive I/O while being compositional and flow sensitive.  ...  Any opinion, finding, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1109/sefm.2008.46 dblp:conf/sefm/TschantzW08 fatcat:5an2e6tz3vhmpi4n52wphlqa6e

Towards mechanisms for detection and prevention of data exfiltration by insiders

Elisa Bertino, Gabriel Ghinita
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
Therefore, one of the most severe threats in the case of cyber-insider attacks is the loss of confidential data due to exfiltration.  ...  (SQL) with well-understood semantics; (2) monitoring the potential disclosure of confidential data is more effective if done as close as possible to the data source; and (3) the DBMS layer already has  ...  Tracking the data flow and ensuring that sensitive data items are properly marked is not a trivial task.  ... 
doi:10.1145/1966913.1966916 dblp:conf/ccs/BertinoG11 fatcat:6ihhymfipvccnbe6rmlg5kimna

Context-sensitive detection of information exposure bugs with symbolic execution

Paul Muntean, Claudia Eckert, Andreas Ibing
2014 Proceedings of the International Workshop on Innovative Software Development Methodologies and Practices - InnoSWDev 2014  
We discuss one static analysis approach for detecting information exposure bugs and relate briefly the usability of our bug testing tool to empirical research.  ...  Our tool is context-sensitive and uses static code analysis for bug detection.  ...  ACKNOWLEDGMENTS We thank the anonymous reviewers for their comments. This research is funded by the German Ministry for Education and Research (BMBF) under grant number 01IS13020. 10.  ... 
doi:10.1145/2666581.2666591 dblp:conf/sigsoft/MunteanEI14 fatcat:nmyagejo35eqjnacrhmlaripoe

BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking [article]

Hossam ElAtali, Lachlan J. Gunn, Hans Liljestrand, N. Asokan
2022 arXiv   pre-print
BliMe consists of a novel and minimal set of ISA extensions that uses taint tracking to ensure the confidentiality of sensitive (client) data even in the presence of server malware, run-time attacks, and  ...  Clients rely on remote attestation to ensure that their data will always be protected by BliMe's taint tracking policy after decryption.  ...  ACKNOWLEDGEMENTS This work is supported in part by Natural Sciences and Engineering Research Council of Canada (RGPIN-2020-04744) and Intel Labs via the Private-AI consortium, and by the Academy of Finland  ... 
arXiv:2204.09649v4 fatcat:f37qznqarnda5kzni32jlxndt4

Language-based information-flow security

A. Sabelfeld, A.C. Myers
2003 IEEE Journal on Selected Areas in Communications  
An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.  ...  We give a structured view of recent work in the area and identify some important open challenges.  ...  ACKNOWLEDGMENT The authors would like to thank M. Hicks for helpful comments and the anonymous reviewers for useful feedback.  ... 
doi:10.1109/jsac.2002.806121 fatcat:elktqhzkyfcqhb7kcghzi4j3pe

WebPol: Fine-grained Information Flow Policies for Web Browsers [article]

Abhishek Bichhawat and Vineet Rajani and Jinank Jain and Deepak Garg and Christian Hammer
2017 arXiv   pre-print
need and to prevent the scripts from leaking data on the side.  ...  This leaves the application's confidential data vulnerable to theft and leakage by malicious code and inadvertent bugs in the third-party scripts.  ...  This work was funded in part by the Deutsche Forschungsgemeinschaft (DFG) grant "Information Flow Control for Browser Clients" under the priority program "Reliably Secure Software Systems" (RS 3 ).  ... 
arXiv:1706.06932v3 fatcat:klqgk65nh5bpzp6i32elu2om44

WebPol: Fine-Grained Information Flow Policies for Web Browsers [chapter]

Abhishek Bichhawat, Vineet Rajani, Jinank Jain, Deepak Garg, Christian Hammer
2017 Lecture Notes in Computer Science  
need and to prevent the scripts from leaking data on the side.  ...  This leaves the application's confidential data vulnerable to theft and leakage by malicious code and inadvertent bugs in the third-party scripts.  ...  This work was funded in part by the Deutsche Forschungsgemeinschaft (DFG) grant "Information Flow Control for Browser Clients" under the priority program "Reliably Secure Software Systems" (RS 3 ).  ... 
doi:10.1007/978-3-319-66402-6_15 fatcat:q5bjbnawmzbnvheyb7uiftq4nq

Data Loss Prevention Based on Data-Driven Usage Control

Tobias Wuchner, Alexander Pretschner
2012 2012 IEEE 23rd International Symposium on Software Reliability Engineering  
This is done with function call interposition techniques to intercept application calls to the Windows API in combination with methods to track the flows of confidential data through the system.  ...  UC4Win is capable of detecting and controlling data-loss related events at the level of individual function calls.  ...  The focus of UC4Win is on the enforcement of already defined security policies on the usage of sensitive data.  ... 
doi:10.1109/issre.2012.10 dblp:conf/issre/WuchnerP12 fatcat:76qanroebnd2zmrhw5356bs5ra


Daniel Hedin, Arnar Birgisson, Luciano Bello, Andrei Sabelfeld
2014 Proceedings of the 29th Annual ACM Symposium on Applied Computing - SAC '14  
Script inclusion poses a challenge of ensuring that the integrated third-party code respects security and privacy.  ...  We show how to resolve practical challenges for enforcing information-flow policies for the full JavaScript language, as well as tracking information in the presence of libraries, as provided by browser  ...  Arnar Birgisson is a recipient of the Google Europe Fellowship in Computer Security, and this research is supported in part by this Google Fellowship.  ... 
doi:10.1145/2554850.2554909 dblp:conf/sac/HedinBBS14 fatcat:ldqgkcivkzg6lp2rt62ihk7fza

Distributed Analytics on Sensitive Medical Data: The Personal Health Train

Oya Beyan, Ananya Choudhury, Johan van Soest, Oliver Kohlbacher, Lukas Zimmermann, Holger Stenzhorn, Md. Rezaul Karim, Michel Dumontier, Stefan Decker, Luiz Olavo Bonino da Silva Santos, Andre Dekker
2019 Data Intelligence  
The main principle of the PHT is that data remain in their original location, and analytical tasks visit data sources and execute the tasks.  ...  It facilitates the responsible use of sensitive and/or personal data by adopting international principles and regulations.  ...  Applicability of FAIR principles to the components of the PHT. Distributed Analytics on Sensitive Medical Data: The Personal Health Train execute them.  ... 
doi:10.1162/dint_a_00032 fatcat:vrwidp6idrhkrjp3slipemxvv4
« Previous Showing results 1 — 15 out of 43,233 results