A Field-Sensitive Security Monitor for Object-Oriented Programs. Issue 108 (September 2021)
- Record Type:
- Journal Article
- Title:
- A Field-Sensitive Security Monitor for Object-Oriented Programs. Issue 108 (September 2021)
- Main Title:
- A Field-Sensitive Security Monitor for Object-Oriented Programs
- Authors:
- Khakpour, Narges
- Abstract:
- Abstract: In this paper, we propose a sound method to synthesize a permissive monitor using boolean supervisory controller synthesis that observes a Java program at certain checkpoints, predicts information flow violations and applies suitable countermeasures to prevent violations. We introduce an approach for modeling heap and information flow via heap. To improve permissiveness, we train the monitor and remove false positives by executing the program along with its executable model. If a security violation is detected, the user can define sound countermeasures, including declassification to apply in checkpoints. We prove that the monitored program ensures localized delimited release in case of declassifying information and termination-insensitive noninterference in case of no declassification. We implement a tool to automate the whole process and generate a monitor. Our method is evaluated by applying it on the Droidbench benchmark and one real-life Android application.
- Is Part Of:
- Computers & security. Issue 108(2021)
- Journal:
- Computers & security
- Issue:
- Issue 108(2021)
- Issue Display:
- Volume 108, Issue 108 (2021)
- Year:
- 2021
- Volume:
- 108
- Issue:
- 108
- Issue Sort Value:
- 2021-0108-0108-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-09
- Subjects:
- Language-based security -- Information flow control -- Controller synthesis -- Heap modeling
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2021.102349 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 25452.xml