Protecting sensitive information (credit card data, personal medical information, etc.) is becoming an increasingly important issue due to the ubiquity of computing systems. Traditionally, confidentiality of information is guaranteed by access control mechanisms, but there is a renewed interest in developing mechanisms that track how information flows during program execution. There are two established means to enforce information flow policies: static verification, and run-time or dynamic monitoring. Run-time monitoring is more flexible than static verification, since it permits running all programs and rejects only insecure executions; of course, the increased flexibility is offset by a degradation of run-time performance. This work presents two techniques for dynamic information flow monitoring. Unlike most run-time monitors, which rely on program rewriting techniques, these techniques use dynamic dependence graphs to track information flow at run-time. The proposed approaches scale to real languages and can cope with declassification annotations.
Date of Conference: 4-7 March 2008