Sound and precise cross-layer data flow tracking

Enrico Lovat; Martín Ochoa; Alexander Pretschner

doi:10.1007/978-3-319-30806-7_3

Sound and precise cross-layer data flow tracking

Enrico Lovat
, Martín Ochoa
, Alexander Pretschner

Informatics 4 - Chair of Software und Systems Engineering

Technical University of Munich
Singapore University of Technology and Design

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

We connect runtime monitors for data flow tracking at different abstraction layers (a browser, a mail client, an operating system) and prove the soundness of this generic model w.r.t. a formal notion of explicit information flow. This allows us to (1) increase the precision of the analysis by exploiting the high-level semantics of events at higher levels of abstraction and (2) provide system-wide guarantees at the same time. For instance, using our model, we can soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen by combining analyses at multiple layers.

Original language	English
Title of host publication	Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings
Editors	Eric Bodden, Juan Caballero, Elias Athanasopoulos
Publisher	Springer Verlag
Pages	38-55
Number of pages	18
ISBN (Print)	9783319308050
DOIs	https://doi.org/10.1007/978-3-319-30806-7_3
State	Published - 2016
Event	8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016 - London, United Kingdom Duration: 6 Apr 2016 → 8 Apr 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9639
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016
Country/Territory	United Kingdom
City	London
Period	6/04/16 → 8/04/16

Access to Document

10.1007/978-3-319-30806-7_3

Cite this

Lovat, E., Ochoa, M., & Pretschner, A. (2016). Sound and precise cross-layer data flow tracking. In E. Bodden, J. Caballero, & E. Athanasopoulos (Eds.), Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings (pp. 38-55). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9639). Springer Verlag. https://doi.org/10.1007/978-3-319-30806-7_3

Lovat, Enrico ; Ochoa, Martín ; Pretschner, Alexander. / Sound and precise cross-layer data flow tracking. Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings. editor / Eric Bodden ; Juan Caballero ; Elias Athanasopoulos. Springer Verlag, 2016. pp. 38-55 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{318de864ff354f81b982ae0e977ecd5c,

title = "Sound and precise cross-layer data flow tracking",

abstract = "We connect runtime monitors for data flow tracking at different abstraction layers (a browser, a mail client, an operating system) and prove the soundness of this generic model w.r.t. a formal notion of explicit information flow. This allows us to (1) increase the precision of the analysis by exploiting the high-level semantics of events at higher levels of abstraction and (2) provide system-wide guarantees at the same time. For instance, using our model, we can soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen by combining analyses at multiple layers.",

author = "Enrico Lovat and Mart{\'i}n Ochoa and Alexander Pretschner",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016 ; Conference date: 06-04-2016 Through 08-04-2016",

year = "2016",

doi = "10.1007/978-3-319-30806-7\_3",

language = "English",

isbn = "9783319308050",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "38--55",

editor = "Eric Bodden and Juan Caballero and Elias Athanasopoulos",

booktitle = "Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings",

}

Lovat, E, Ochoa, M & Pretschner, A 2016, Sound and precise cross-layer data flow tracking. in E Bodden, J Caballero & E Athanasopoulos (eds), Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9639, Springer Verlag, pp. 38-55, 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016, London, United Kingdom, 6/04/16. https://doi.org/10.1007/978-3-319-30806-7_3

Sound and precise cross-layer data flow tracking. / Lovat, Enrico; Ochoa, Martín; Pretschner, Alexander.
Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings. ed. / Eric Bodden; Juan Caballero; Elias Athanasopoulos. Springer Verlag, 2016. p. 38-55 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9639).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Sound and precise cross-layer data flow tracking

AU - Lovat, Enrico

AU - Ochoa, Martín

AU - Pretschner, Alexander

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - We connect runtime monitors for data flow tracking at different abstraction layers (a browser, a mail client, an operating system) and prove the soundness of this generic model w.r.t. a formal notion of explicit information flow. This allows us to (1) increase the precision of the analysis by exploiting the high-level semantics of events at higher levels of abstraction and (2) provide system-wide guarantees at the same time. For instance, using our model, we can soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen by combining analyses at multiple layers.

AB - We connect runtime monitors for data flow tracking at different abstraction layers (a browser, a mail client, an operating system) and prove the soundness of this generic model w.r.t. a formal notion of explicit information flow. This allows us to (1) increase the precision of the analysis by exploiting the high-level semantics of events at higher levels of abstraction and (2) provide system-wide guarantees at the same time. For instance, using our model, we can soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen by combining analyses at multiple layers.

UR - https://www.scopus.com/pages/publications/84962349049

U2 - 10.1007/978-3-319-30806-7_3

DO - 10.1007/978-3-319-30806-7_3

M3 - Conference contribution

AN - SCOPUS:84962349049

SN - 9783319308050

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 38

EP - 55

BT - Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings

A2 - Bodden, Eric

A2 - Caballero, Juan

A2 - Athanasopoulos, Elias

PB - Springer Verlag

T2 - 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016

Y2 - 6 April 2016 through 8 April 2016

ER -

Lovat E, Ochoa M, Pretschner A. Sound and precise cross-layer data flow tracking. In Bodden E, Caballero J, Athanasopoulos E, editors, Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings. Springer Verlag. 2016. p. 38-55. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-30806-7_3

Sound and precise cross-layer data flow tracking

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this