On-the-fly inlining of dynamic dependency monitors for secure information flow

Luciano Bello; Eduardo Bonelli

doi:10.1007/978-3-642-29420-4_4

On-the-fly inlining of dynamic dependency monitors for secure information flow

Luciano Bello, Eduardo Bonelli

Instituto Tecnológico de Buenos Aires

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Information flow analysis (IFA) in the setting of programming languages is steadily veering towards the adoption of dynamic techniques. This is particularly attractive for scripting languages for web applications programming. A common manifestation of dynamic techniques is that of run-time monitors, which should block program execution in the presence of an insecure run. Significant efforts are still required before practical, scalable monitors for secure IFA of industrial scale languages such as JavaScript can be achieved. Such monitors ideally should compensate for the absence of the traces they do not track, should not require modifications of the VM and should provide a fair compromise between security and usability among other things. This paper discusses on-the-fly inlining of monitors that track dependencies as a prospective candidate.

Original language	English
Title of host publication	Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers
Pages	55-69
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-29420-4_4
State	Published - 2012
Event	8th International Workshop on Formal Aspects of Security and Trust, FAST 2011 - Leuven, Belgium Duration: 12 Sep 2011 → 14 Sep 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7140 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th International Workshop on Formal Aspects of Security and Trust, FAST 2011
Country/Territory	Belgium
City	Leuven
Period	12/09/11 → 14/09/11

Access to Document

10.1007/978-3-642-29420-4_4

Cite this

Bello, L., & Bonelli, E. (2012). On-the-fly inlining of dynamic dependency monitors for secure information flow. In Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers (pp. 55-69). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7140 LNCS). https://doi.org/10.1007/978-3-642-29420-4_4

Bello, Luciano ; Bonelli, Eduardo. / On-the-fly inlining of dynamic dependency monitors for secure information flow. Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers. 2012. pp. 55-69 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{552ccaa0de8542a6beefb3204d8d19bc,

title = "On-the-fly inlining of dynamic dependency monitors for secure information flow",

abstract = "Information flow analysis (IFA) in the setting of programming languages is steadily veering towards the adoption of dynamic techniques. This is particularly attractive for scripting languages for web applications programming. A common manifestation of dynamic techniques is that of run-time monitors, which should block program execution in the presence of an insecure run. Significant efforts are still required before practical, scalable monitors for secure IFA of industrial scale languages such as JavaScript can be achieved. Such monitors ideally should compensate for the absence of the traces they do not track, should not require modifications of the VM and should provide a fair compromise between security and usability among other things. This paper discusses on-the-fly inlining of monitors that track dependencies as a prospective candidate.",

author = "Luciano Bello and Eduardo Bonelli",

year = "2012",

doi = "10.1007/978-3-642-29420-4_4",

language = "English",

isbn = "9783642294198",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "55--69",

booktitle = "Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers",

note = "8th International Workshop on Formal Aspects of Security and Trust, FAST 2011 ; Conference date: 12-09-2011 Through 14-09-2011",

}

Bello, L & Bonelli, E 2012, On-the-fly inlining of dynamic dependency monitors for secure information flow. in Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7140 LNCS, pp. 55-69, 8th International Workshop on Formal Aspects of Security and Trust, FAST 2011, Leuven, Belgium, 12/09/11. https://doi.org/10.1007/978-3-642-29420-4_4

On-the-fly inlining of dynamic dependency monitors for secure information flow. / Bello, Luciano; Bonelli, Eduardo.
Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers. 2012. p. 55-69 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7140 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On-the-fly inlining of dynamic dependency monitors for secure information flow

AU - Bello, Luciano

AU - Bonelli, Eduardo

PY - 2012

Y1 - 2012

N2 - Information flow analysis (IFA) in the setting of programming languages is steadily veering towards the adoption of dynamic techniques. This is particularly attractive for scripting languages for web applications programming. A common manifestation of dynamic techniques is that of run-time monitors, which should block program execution in the presence of an insecure run. Significant efforts are still required before practical, scalable monitors for secure IFA of industrial scale languages such as JavaScript can be achieved. Such monitors ideally should compensate for the absence of the traces they do not track, should not require modifications of the VM and should provide a fair compromise between security and usability among other things. This paper discusses on-the-fly inlining of monitors that track dependencies as a prospective candidate.

AB - Information flow analysis (IFA) in the setting of programming languages is steadily veering towards the adoption of dynamic techniques. This is particularly attractive for scripting languages for web applications programming. A common manifestation of dynamic techniques is that of run-time monitors, which should block program execution in the presence of an insecure run. Significant efforts are still required before practical, scalable monitors for secure IFA of industrial scale languages such as JavaScript can be achieved. Such monitors ideally should compensate for the absence of the traces they do not track, should not require modifications of the VM and should provide a fair compromise between security and usability among other things. This paper discusses on-the-fly inlining of monitors that track dependencies as a prospective candidate.

UR - http://www.scopus.com/inward/record.url?scp=84863955411&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863955411&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-29420-4_4

DO - 10.1007/978-3-642-29420-4_4

M3 - Conference contribution

AN - SCOPUS:84863955411

SN - 9783642294198

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 55

EP - 69

BT - Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers

T2 - 8th International Workshop on Formal Aspects of Security and Trust, FAST 2011

Y2 - 12 September 2011 through 14 September 2011

ER -

Bello L, Bonelli E. On-the-fly inlining of dynamic dependency monitors for secure information flow. In Formal Aspects of Security and Trust - 8th International Workshop, FAST 2011, Revised Selected Papers. 2012. p. 55-69. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-29420-4_4

On-the-fly inlining of dynamic dependency monitors for secure information flow

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this