首页    期刊浏览 2024年12月11日 星期三
登录注册

文章基本信息

  • 标题:Proof-Carrying Code Based Tool for Secure Information Flow of Assembly Programs
  • 本地全文:下载
  • 作者:Muthana, Abdulrahman ; Ghani, Abdul Azim Abd ; Mahmod, Ramlan
  • 期刊名称:Journal of Computer Science
  • 印刷版ISSN:1549-3636
  • 出版年度:2009
  • 卷号:5
  • 期号:2
  • 页码:163-171
  • DOI:10.3844/jcssp.2009.163.171
  • 出版社:Science Publications
  • 摘要:Problem statement: How a host (the code consumer) can determine with certainty that a downloaded program received from untrusted source (the code producer) will maintain the confidentiality of the data it manipulates and it is safe to install and execute. Approach: The approach adopted for verifying that a downloaded program will not leak confidential data to unauthorized parties was based on the concept of Proof-Carrying Code (PCC). A mobile program (in its assembly form) was analyzed for information flow security based on the concept of proof-carrying code. The security policy was centered on a type system for analyzing information flows within assembly programs based on the notion of noninterference. Results: A verification tool for verifying assembly programs for information flow security was built. The tool certifies SPARC assembly programs for secure information flow by statically analyzing the program based on the idea of Proof-Carrying Code (PCC). The tool operated directly on the machine-code requiring only the inputs and outputs of the code annotated with security levels. The tool provided a windows user interface enabling the users to control the verification process. The proofs that untrusted program did not leak sensitive information were generated and checked on the host machine and if they are valid, then the untrusted program can be installed and executed safely. Conclusion: By basing proof-carrying code infrastructure on information flow analysis type-system, a sufficient assurance of protecting confidential data manipulated by the mobile program can be obtained. This assurance was come due to the fact that type systems provide a sufficient guarantee of protecting confidentiality.
  • 关键词:Proof-carrying code; secure information flow; assembly language; non-interference
国家哲学社会科学文献中心版权所有