Abstract

Problem statement: How can a host (the code consumer) determine with certainty that a program downloaded from an untrusted source (the code producer) will preserve the confidentiality of the data it manipulates, so that it is safe to install and execute? Approach: The approach adopted for verifying that a downloaded program will not leak confidential data to unauthorized parties is based on the concept of Proof-Carrying Code (PCC). A mobile program, in its assembly form, is analyzed for information flow security following the proof-carrying code model. The security policy is centered on a type system for analyzing information flows within assembly programs, based on the notion of noninterference. Results: A verification tool for checking assembly programs for information flow security was built. The tool certifies SPARC assembly programs for secure information flow by statically analyzing the program, following the idea of Proof-Carrying Code (PCC). It operates directly on the machine code and requires only that the inputs and outputs of the code be annotated with security levels. The tool provides a Windows user interface that lets users control the verification process. The proofs that an untrusted program does not leak sensitive information are generated and checked on the host machine; if they are valid, the untrusted program can be installed and executed safely. Conclusion: By basing the proof-carrying code infrastructure on an information flow type system, sufficient assurance that the confidential data manipulated by a mobile program is protected can be obtained, because type systems provide a sufficient guarantee of confidentiality.

Highlights

  • Recent years have witnessed growing interest in information flow security analysis because of its connection to the problem of protecting confidential data

  • The main result of this study is a security technique for verifying that assembly programs have secure information flow

  • To make the components and concepts of the proposed security technique concrete, a tool called SPARC Proof-Carrying Code (PCC)-SIF was developed that verifies SPARC assembly programs for secure information flow according to the proposed approach


Summary

Introduction

Recent years have witnessed growing interest in information flow security analysis because of its connection to the problem of protecting confidential data. The confidentiality policy concerns multi-level security systems: it states that secret data must be protected during the computation and that there must be no leakage of that data through a public output channel. Information flow security is formalized as noninterference, which states that the final values of low-security variables must be independent of the initial values of high-security variables [1]. Information flow security analysis verifies whether a program respects a given confidentiality policy. Denning and Denning [2] were the first to perform static information flow analysis for checking programs for confidentiality.
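As an added illustration of the noninterference check described above (example code written for this page, not the paper's SPARC PCC-SIF tool or its type system), the following Python checker applies a two-level type system (LOW below HIGH) to a toy three-address assembly with `mov`, `movi`, `add`, a conditional branch `bz` and an unconditional `jmp`; the instruction set, register names and sample programs are all assumed for the example. Input registers start at their declared level, an explicit flow joins the operand labels into the destination, and an implicit flow is caught by raising a program-counter label over the instructions a branch controls (the region from the branch to its forward target). Only forward branches are supported (loops are rejected), and an assignment inside a branch region also keeps the register's old label, because the skipped path leaves the old value in place. The check itself mirrors the paper's interface: only the inputs and outputs carry security levels, and the program is accepted when every declared output register ends at or below its allowed level.

```python
"""Toy information-flow type checker for a forward-branch-only assembly.

Added example: a two-point lattice (LOW < HIGH) is tracked per register.
Explicit flows join operand labels into the destination register; implicit
flows are caught by a pc label raised over the region controlled by a
branch whose condition is HIGH. This is a simplification assumed for the
example, not the paper's SPARC PCC-SIF type system.
"""

LOW, HIGH = 0, 1          # two-point security lattice; join is max()


def parse(program):
    """Split text into (op, args) tuples; a 'NAME:' line maps to the next index."""
    code, labels = [], {}
    for line in program.strip().splitlines():
        line = line.split(';')[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.endswith(':'):
            labels[line[:-1]] = len(code)
            continue
        op, *args = line.replace(',', ' ').split()
        code.append((op, args))
    return code, labels


def check(program, inputs, outputs):
    """Return a list of violations; an empty list means the program is accepted.

    inputs : {register: level} labels of the initial register contents
    outputs: {register: level} highest level allowed in each register at exit
    """
    code, labels = parse(program)
    env = dict(inputs)        # register -> current security label (unlisted = LOW)
    regions = []              # (end_index, label) for each still-open branch region
    errors = []

    def label_of(operand):    # immediates carry no secret, so they are LOW
        return env.get(operand, LOW) if operand.startswith('r') else LOW

    for i, (op, args) in enumerate(code):
        regions = [r for r in regions if r[0] > i]           # drop regions ending here
        pc = max([LOW] + [lab for _, lab in regions])        # implicit-flow label
        if op in ('bz', 'jmp'):
            target = labels.get(args[-1])
            if target is None or target <= i:
                errors.append(f'{i}: branch to {args[-1]} is undefined or backward (no loops)')
                continue
            cond = label_of(args[0]) if op == 'bz' else LOW
            regions.append((target, max(pc, cond)))          # i+1..target-1 depend on cond
        elif op in ('mov', 'movi', 'add'):
            rd, srcs = args[0], args[1:]
            new = max([pc] + [label_of(s) for s in srcs])    # explicit flow joined with pc
            if regions:                                      # a skipped path keeps the old value
                new = max(new, env.get(rd, LOW))
            env[rd] = new
        else:
            errors.append(f'{i}: unknown instruction {op}')

    for reg, allowed in outputs.items():
        if env.get(reg, LOW) > allowed:
            errors.append(f'output {reg} has level {env[reg]} > allowed {allowed}')
    return errors


# Constructed sample programs (r1 is the secret input, r2 the public output).
EXPLICIT_LEAK = "mov r2, r1"
IMPLICIT_LEAK = """
movi r2, 0
bz r1, SKIP         ; branch on the secret
movi r2, 1          ; executed only when r1 != 0: r2 reveals r1
SKIP:
"""
IF_ELSE = """
bz r1, ELSE
movi r2, 1
jmp END
ELSE:
movi r2, 0
END:
"""
OLD_VALUE_LEAK = """
mov r2, r1          ; r2 now holds the secret
bz r3, L            ; public condition
movi r2, 0          ; overwrites r2 on one path only
L:
"""
LOOP = "L:\njmp L"

if __name__ == '__main__':
    for name, prog in [('EXPLICIT_LEAK', EXPLICIT_LEAK), ('IMPLICIT_LEAK', IMPLICIT_LEAK),
                       ('IF_ELSE', IF_ELSE), ('OLD_VALUE_LEAK', OLD_VALUE_LEAK), ('LOOP', LOOP)]:
        print(name, check(prog, {'r1': HIGH, 'r3': LOW}, {'r2': LOW}) or 'accepted')
```

The `OLD_VALUE_LEAK` case is the one a naive single-pass checker gets wrong: the overwrite of `r2` happens under a LOW condition, so there is no implicit flow from the branch, yet after the join `r2` still holds the secret on the path that skipped the `movi`. Joining the register's previous label inside any open region is what keeps the analysis conservative; it is also why loops are refused rather than approximated, since a backward branch would require iterating the labels to a fixpoint.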

