Implementing Erasure Policies Using Taint Analysis
نویسندگان
چکیده
Security or privacy-critical applications often require access to sensitive information in order to function. But in accordance with the principle of least privilege – or perhaps simply for legal compliance – such applications should not retain said information once it has served its purpose. In such scenarios, the timely disposal of data is known as an information erasure policy. This paper studies software-level information erasure policies for the data manipulated by programs. The paper presents a new approach to the enforcement of such policies. We adapt ideas from dynamic taint analysis to track how sensitive data sources propagate through a program and erase them on demand. The method is implemented for Python as a library, with no modifications to the runtime system. The library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.
منابع مشابه
A Semantic Hierarchy for Erasure Policies
We consider the problem of logical data erasure, contrasting with physical erasure in the same way that end-to-end information flow control contrasts with access control. We present a semantic hierarchy for erasure policies, using a possibilistic knowledge-based semantics to define policy satisfaction such that there is an intuitively clear upper bound on what information an erasure policy perm...
متن کاملAnomalous Taint Detection
Software security has become an increasing necessity for guaranteeing, as much as possible, the correctness of computer systems. A number of techniques have been developed over the past two decades to mitigate software vulnerabilities. Learning-based anomaly detection techniques have been pursued for many years due to their ability to detect a broad range of attacks, including novel attacks. Mo...
متن کاملCode-Injection Attacks in Browsers Supporting Policies
Code-injection attacks can take place in a large variety of layers, from native code to databases and web applications. The latter case involves mainly client-side code injection in the browser environment, also known as Cross-Site Scripting (XSS). There are numerous ways to defeat XSS attacks, from static and taint analysis to policy enforcement in the web browser. In this paper, we enlist new...
متن کاملA Non-MDS Erasure Code Scheme for Storage Applications
This paper investigates the use of redundancy and self repairing against node failures indistributed storage systems using a novel non-MDS erasure code. In replication method, accessto one replication node is adequate to reconstruct a lost node, while in MDS erasure codedsystems which are optimal in terms of redundancy-reliability tradeoff, a single node failure isrepaired after recovering the ...
متن کاملAnalysis of Intersectoral Collaboration in the Iranian Health System for Implementing Health in all Policies: Challenges and the Way Forward (This Research was Conducted Before the Covoid-19 Pandemic)
Background and Aim: For achievement of equity in the population health the implementation of health in all policies is essential. The most crucial intervention in this approach is inter-sectoral collaboration. Materials and Methods: This was a qualitative study based on the national policy framework. Data were collected using literature review, in-depth interviews and focus group discussions ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010