Filters








61,953 Hits in 3.8 sec

Clouds of Things Need Information Flow Control with Hardware Roots of Trust

Thomas F. J.-M. Pasquier, Jatinder Singh, Jean Bacon
2015 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom)  
Towards this, we propose an approach based on Information Flow Control (IFC) that allows: (1) the continuous, end-to-end enforcement of data flow policy, and (2) the generation of provenance-like audit  ...  There is a clear, outstanding need for new security mechanisms that allow data to be managed and controlled within the cloud-enabled Internet of Things.  ...  ACKNOWLEDGEMENT This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafe-tyNet.  ... 
doi:10.1109/cloudcom.2015.41 dblp:conf/cloudcom/PasquierSB15 fatcat:tna3qe4grbdyjkh4jwzggnoqda

Data-Driven Software Security: Models and Methods

Ulfar Erlingsson
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
This paper outlines a data-driven model for software security that takes an empirical, data-driven approach to modern software, and determines its exact, concrete behavior via comprehensive, online monitoring  ...  Those methods can be adopted in practice, even at very large scales, and demonstrate that data-driven software security models can provide real-world benefits.  ...  The clearest examples of this security model is the work to enforce the programmer's intended control and data flow that is often termed Control-Flow Integrity (CFI) and Data-Flow Integrity (DFI) [10]  ... 
doi:10.1109/csf.2016.40 dblp:conf/csfw/Erlingsson16 fatcat:5vi4idyb5jf65fe2wpvn4burxu

Information Flow Control for Secure Cloud Computing

Jean Bacon, David Eyers, Thomas F. J.-M. Pasquier, Jatinder Singh, Ioannis Papagiannis, Peter Pietzuch
2014 IEEE Transactions on Network and Service Management  
Index Terms-Cloud, data security, information flow, information flow control (IFC).  ...  particulars of the cloud software stack in order to effect enforcement.  ...  Data Flow Enforcement The enforcement part of IFC systems involves IFC policy being checked, and action taken if such a policy is violated by a given data flow.  ... 
doi:10.1109/tnsm.2013.122313.130423 fatcat:oczijxwkfvdtrgar6nvab4ypem

Runtime Integrity for Cyber-Physical Infrastructures [chapter]

Jonathan Jenkins, Mike Burmester
2015 IFIP Advances in Information and Communication Technology  
Trusted computing is a security paradigm that enables platforms to enforce the integrity of execution targets (code and data). However, protection under this paradigm is restricted to static threats.  ...  The effectiveness of the approach is demonstrated by presenting a prototype for call integrity.  ...  Acknowledgement This research was partially supported by the National Science Foundation under Grant Nos. DUE 1241525, CNS 1347113 and DGE 1538850.  ... 
doi:10.1007/978-3-319-26567-4_10 fatcat:igu4nujm7ngltgzsewvy4dpeiq

Enforcing security and safety models with an information flow analysis tool

Roderick Chapman, Adrian Hilton
2004 Proceedings of the 2004 annual ACM SIGAda international conference on Ada The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies - SIGAda '04  
In this paper we show how the information flow model enforced by the SPARK Examiner provides support for enforcing these security and safety models.  ...  This case poses problems similar to systems with differing security levels; failure to show separation of data may require the entire system to be validated at the higher integrity level.  ...  The authors are grateful to Peter Amey, Neil White and Will Ward from Praxis Critical Systems for their feedback on this paper and the prototype integrity checking facilities of the Examiner.  ... 
doi:10.1145/1032297.1032305 dblp:conf/sigada/ChapmanH04 fatcat:2jndzzk5ebhrnefzxtyjngico4

Distributed Middleware Enforcement of Event Flow Security Policy [chapter]

Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, Peter Pietzuch
2010 Lecture Notes in Computer Science  
Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components.  ...  Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system.  ...  Acknowledgements This work was supported by grants EP/F042469 and EP/F044216 ("SmartFlow: Extendable Event-Based Middleware") from the UK Engineering and Physical Sciences Research Council (EPSRC).  ... 
doi:10.1007/978-3-642-16955-7_17 fatcat:eud55oh7h5gohksqe4g4witkce

Enforcing security and safety models with an information flow analysis tool

Roderick Chapman, Adrian Hilton
2004 ACM SIGAda Ada Letters  
In this paper we show how the information flow model enforced by the SPARK Examiner provides support for enforcing these security and safety models.  ...  This case poses problems similar to systems with differing security levels; failure to show separation of data may require the entire system to be validated at the higher integrity level.  ...  The authors are grateful to Peter Amey, Neil White and Will Ward from Praxis Critical Systems for their feedback on this paper and the prototype integrity checking facilities of the Examiner.  ... 
doi:10.1145/1046191.1032305 fatcat:rtvfizjyvzb3nduaa4wezsq57y

Transforming commodity security policies to enforce Clark-Wilson integrity

Divya Muthukumaran, Sandra Rueda, Nirupama Talele, Hayawardh Vijayakumar, Jason Teutsch, Trent Jaeger
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
As a result, security practitioners react to vulnerabilities as adversaries uncover them, rather than proactively protecting the system's data integrity.  ...  The method uses the insights from the Clark-Wilson model, which requires integrity verification of security-critical data and mediation at program entrypoints, to extend existing MAC policies with the  ...  The lattice imposes security constraints on the information flows enabled by the data flow graph. Each pair u, v ∈ V s.t.  ... 
doi:10.1145/2420950.2420991 dblp:conf/acsac/MuthukumaranRTVTJ12 fatcat:ufdfd6lr2jezbph3jmolzx7tpe

Hardware supported Software and Control Flow Integrity

Ruan de Clercq
2017 Zenodo  
This includes developing the first known Control Flow Integrity architecture based on instruction-set randomisation, that also enforces software integrity through modifications to a processor.  ...  First, we analyse existing hardware-based Control Flow Integrity (CFI) architectures.  ...  SOFIA: Software and Control Flow Integrity Architecture.  ... 
doi:10.5281/zenodo.2643373 fatcat:3elmla7my5fa5jyeti73b7pnkm

Enforcing End-to-End Application Security in the Cloud [chapter]

Jean Bacon, David Evans, David M. Eyers, Matteo Migliavacca, Peter Pietzuch, Brian Shand
2010 Lecture Notes in Computer Science  
We propose a principled approach to designing and deploying end-to-end secure, distributed software by means of thorough, relentless tagging of the security meaning of data, analogous to what is already  ...  The aim is to guarantee that-above a small trusted code base-data cannot be leaked by buggy or malicious software components.  ...  Acknowledgments This work was supported by grants EP/C547632, EP/F042469, and EP/F044216 from the UK Engineering and Physical Sciences Research Council (EPSRC).  ... 
doi:10.1007/978-3-642-16955-7_15 fatcat:ptw2qd7mkjhhnjwqtaj7zyfx74

Practical information-flow aware middleware for in-car communication

Alexandre Bouard, Benjamin Weyl, Claudia Eckert
2013 Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles - CyCAR '13  
In this paper, we present solutions for decentralized information flow control in order to enhance the security and privacy level of the car data management.  ...  Today's vehicles are increasingly connected to Internet, devices and integrate more and more electronic components.  ...  Comparing labels allows to constrain the information flow and therefore to protect the information integrity and confidentiality, for example by isolating potentially corrupted data from critical applications  ... 
doi:10.1145/2517968.2517969 dblp:conf/ccs/BouardWE13 fatcat:w6rl3bcdo5fupnmsccziscuepa

How languages can save distributed computing

Andrew C. Myers
2013 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '13  
The security of the system is enforced both statically and dynamically by using these policies to control information flow.  ...  that specify the confidentiality and integrity of information manipulated by the program.  ...  The security of the system is enforced both statically and dynamically by using these policies to control information flow.  ... 
doi:10.1145/2429069.2429107 dblp:conf/popl/Myers13 fatcat:ifnyjqc3izfzbb7oykiue2rery

Design and development of an embedded aeronautical router with security capabilities

Antoine Varet, Nicolas Larrieu
2012 2012 Integrated Communications, Navigation and Surveillance Conference  
Then we examine the partition in charge of the security of data exchanged through the router.  ...  In this paper, we present the IP based Secure Next Generation Router (SNG router) we have developed, providing regulation, routing, secure merging of different data sources and preserving of their segregation  ...  It provides evidence for the security of the software and for the security of the data forwarded by the router.  ... 
doi:10.1109/icnsurv.2012.6218391 fatcat:xpxtqpdotzbxfccfweevnlgemm

Dynamic Information Flow Tracking: Taxonomy, Challenges, and Opportunities

Kejun Chen, Xiaolong Guo, Qingxu Deng, Yier Jin
2021 Micromachines  
Dynamic information flow tracking (DIFT) has been proven an effective technique to track data usage; prevent control data attacks and non-control data attacks at runtime; and analyze program performance  ...  Based on the analysis, we classify the existing solutions into three categories, i.e., software, hardware, software and hardware co-design.  ...  The security policy is enforced at the level of instructions to enforce memory safety, control-flow integrity, data flow integrity and separation between code and data.  ... 
doi:10.3390/mi12080898 fatcat:zfkiddrjvbfjli7ht6x5jgyp7q

Camflow: Managed Data-Sharing for Cloud Services

Thomas F. J.-M. Pasquier, Jatinder Singh, David Eyers, Jean Bacon
2017 IEEE Transactions on Cloud Computing  
Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data  ...  We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software.  ...  ACKNOWLEDGMENTS This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 Cloud-SafetyNet: End-to-End Application Security in the Cloud.  ... 
doi:10.1109/tcc.2015.2489211 fatcat:bytla3mpwfhwjgr52yqj5ghewm
« Previous Showing results 1 — 15 out of 61,953 results