A proof-producing machine-code analyzer for secure information flow

Citation

Muthana, Abdulrahman Ahmad Abdu and Abd Ghani, Abdul Azim and Mahmod, Ramlan and Selamat, Mohd Hasan (2008) A proof-producing machine-code analyzer for secure information flow. In: 3rd International Symposium on Information Technology (ITSim'08), 26-28 Aug. 2008, Kuala Lumpur, Malaysia. .

Abstract

An approach enabling end-users to verify that a downloaded untrusted code will not leak confidential data to unauthorized parties is presented. The approach certifies RISC-style assembly programs for secure information flow by statically analyzing the code based on the idea of Proof Carrying Code (PCC). The proofs that untrusted code does not leak sensitive information are generated and checked on the host machine and if they are valid, then the untrusted code can be installed and executed safely. The proposed security analyzer operates directly on the machinecode requiring only the inputs and outputs of the code be annotated with security levels. The generated proofs serve as evidence that give end-users a guarantee about the security of the untrusted code.

Download File

Preview

Text (Abstract)
A proof-producing machine-code analyzer for secure information flow.pdf
Download (34kB) | Preview

Additional Metadata

Item Type:	Conference or Workshop Item (Paper)
Divisions:	Faculty of Computer Science and Information Technology
DOI Number:	https://doi.org/10.1109/ITSIM.2008.4631593
Publisher:	IEEE
Keywords:	Untrusted code; Machine-code analyzer; Secure information flow
Depositing User:	Nabilah Mustapa
Date Deposited:	10 Jun 2019 03:43
Last Modified:	10 Jun 2019 03:43
Altmetrics:	http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.1109/ITSIM.2008.4631593
URI:	http://psasir.upm.edu.my/id/eprint/68795
Statistic Details:	View Download Statistic

Actions (login required)

View Item