TY - GEN
T1 - Runtime enforcement of information flow security in tree manipulating processes
AU - Kovács, Máté
AU - Seidl, Helmut
N1 - Funding Information:
This work was partially supported by the German Research Foundation (DFG) under the project SpAGAT (grant no. FI 936/2-1) in the priority program “Reliably Secure Software Systems – RS3”.
PY - 2012
Y1 - 2012
N2 - We consider the problem of enforcing information flow policies in XML manipulating programs such as Web services and business processes implemented in current workflow languages. We propose a runtime monitor that can enforce the secrecy of freely chosen subtrees of the data throughout the execution. The key idea is to apply a generalized constant propagation for computing the public effect of branching constructs whose conditions may depend on the secret. This allows for a better precision than runtime monitors which rely on tainting of variables or nodes alone. We demonstrate our approach for a minimalistic tree manipulating programming language and prove its correctness w.r.t. the concrete semantics of programs.
AB - We consider the problem of enforcing information flow policies in XML manipulating programs such as Web services and business processes implemented in current workflow languages. We propose a runtime monitor that can enforce the secrecy of freely chosen subtrees of the data throughout the execution. The key idea is to apply a generalized constant propagation for computing the public effect of branching constructs whose conditions may depend on the secret. This allows for a better precision than runtime monitors which rely on tainting of variables or nodes alone. We demonstrate our approach for a minimalistic tree manipulating programming language and prove its correctness w.r.t. the concrete semantics of programs.
KW - Semi-structured data
KW - information flow control
KW - runtime enforcement
UR - http://www.scopus.com/inward/record.url?scp=84857260231&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-28166-2_6
DO - 10.1007/978-3-642-28166-2_6
M3 - Conference contribution
AN - SCOPUS:84857260231
SN - 9783642281655
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 46
EP - 59
BT - Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings
T2 - 4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012
Y2 - 16 February 2012 through 17 February 2012
ER -