Accession Number:

ADA621545

Title:

Information Flow Integrity for Systems of Independently-Developed Components

Descriptive Note:

Final rept. 1 Apr 2012-31 Mar 2015

Corporate Author:

PENNSYLVANIA STATE UNIV STATE COLLEGE

Report Date:

2015-06-22

Pagination or Media Count:

15.0

Abstract:

The aim of this project is to enable enforcement of integrity safety in systems of independently-developed components. In this project, we explore this problem from three perspectives. First, we developed integrity safety properties and mechanisms to enforce them. In particular, we developed resource retrieval access integrity, which protects programs when retrieving system resources, and implemented the process firewall mechanism to enforce this property. Second, we developed integrity safety mechanisms for a variety of software, including web browsers to protect them from browser extensions, kernel software to enforce resource retrieval integrity and fine-grained control-flow integrity of approved code, and user-space programs to enforce access control policies. Third, we developed methods to retrofit software to enforce integrity safety properties mostly automatically through safety games and authorization constraints. Both of these methods enable an efficient deployment of code to enforce expected integrity requirements. This work has been published in several top conferences in computer security and programming languages, and some of the projects have been packaged for open-source distribution.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE