Abstract
Information flow control models can be applied widely. This paper discusses only the models preventing information leakage during program execution. In the prevention, an information flow control model dynamically monitors statements that will cause information flows and ban statements that may cause leakage. We involved in the research of information flow control for years and identified that sensitive information may be leaked only when it is output. However, most existing models ignore information flows induced by output statements. We thus designed a new model XIFC (X information flow control) that especially emphasizes the monitoring of output statements. We also designed XIFC as a precise and low runtime overhead model. To achieve this purpose, we took a different viewpoint to re-examine the features offered by existing models and extracted a necessary feature set for the design. Our experiments show that XIFC bans every non-secure information flow and substantially reduces runtime overhead when comparing with our previous work.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
