Abstract
We address the problem of program partitioning: dividing a program into isolated compartments that communicate via remote procedure calls to follow a security policy. Existing solutions for C programs often use a simple model that offers only “sensitive or not” control and do not provide formal guarantees of partition correctness. We present a C program partitioner for security-conscious applications that addresses these shortcomings through annotation with fine-grained security constraints (chiefly, declassification of sensitive data to select parties); from these annotations, we automatically determine a partition and auto-generate code for marshaling, serialization, and remote procedure calls. We provide post-partition verification, which leverages translation validation to show that output program partitions are behaviorally equivalent to their input programs and satisfy the security policy specified by annotations. We present results that show our approach is practical when partitioning large realistic C applications with non-trivial security constraints.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
