Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 
Home
 

 
Procedures and Resources for Authors

 
Information and Resources for Volume Editors
 

 
Orders and Subscriptions
 

 
Published Articles

 
Upcoming Volumes
 

 
Contact Us
 

 
Useful External Links
 

 
CRPIT Site Search
 
    

A taint marking approach to confidentiality violation detection

Hauser, C., Tronel, F., Reid, J. and Fidge, C.

    This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.
Cite as: Hauser, C., Tronel, F., Reid, J. and Fidge, C. (2012). A taint marking approach to confidentiality violation detection. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J.and Thomborson, C. Eds., ACS. 83-90
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS