Description
Platform Independent Information-Flow Control based on Pointer-Tagging
Abstract
Publicly observable software systems often handle private or secret information. In order to ensure non-interference between different data sensitivity levels (i.e., to avoid the leaking of secrets), Information-Flow Control (IFC) must be enforced based on security policies, which can vary between applications. We propose a runtime IFC enforcer for un-annotated C/C++ code that accepts user-defined policies at the compilation phase and instruments the code at the platform-independent LLVM level. Data pointers are tagged with different sensitivity levels, which are propagated at runtime across the data and control flows of the program in order to detect illegal explicit flows (e.g., public := secret), as well as implicit flows (e.g., public := 1 if secret else 0).
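The two flow kinds named in the abstract, as an added C illustration that is not the enforcer's own code: a toy monitor that keeps a sensitivity level in the low bit of an aligned pointer and checks every store against the level of the value and of the current control context. The two-level policy, the low-bit encoding and all names (`tag_ptr`, `ifc_load`, `ifc_store`, `pc_level`) are assumptions; the checks are written by hand here, whereas the described tool inserts its instrumentation at the LLVM level.

```c
#include <stdint.h>
#include <stdio.h>

enum { PUBLIC = 0, SECRET = 1 };     /* assumed two-level policy */
typedef uintptr_t tagged_t;          /* int* with its level kept in bit 0 */

static unsigned pc_level = PUBLIC;   /* level of the current control context */

static tagged_t tag_ptr(int *p, unsigned level) { return (uintptr_t)p | level; }
static unsigned level_of(tagged_t t) { return (unsigned)(t & 1u); }
static int *raw(tagged_t t) { return (int *)(t & ~(uintptr_t)1); }

/* A load yields the value together with the level of the pointer it came from. */
static int ifc_load(tagged_t src, unsigned *level) {
    *level = level_of(src);
    return *raw(src);
}

/* A store is legal only if join(value level, pc level) <= destination level. */
static int ifc_store(tagged_t dst, int value, unsigned value_level) {
    unsigned flow = value_level | pc_level;   /* join on a two-point lattice */
    if (flow > level_of(dst)) return -1;      /* illegal flow: block the write */
    *raw(dst) = value;
    return 0;
}

/* Explicit flow: dst := src (public := secret when dst is public, src secret). */
static int copy_flow(tagged_t dst, tagged_t src) {
    unsigned lvl;
    int v = ifc_load(src, &lvl);
    return ifc_store(dst, v, lvl);
}

/* Implicit flow: pub := 1 if sec else 0. The stored constants are public,
   but the branch condition is not, so the context level is raised. */
static int implicit_flow(tagged_t pub, tagged_t sec) {
    unsigned lvl, saved = pc_level;
    int cond = ifc_load(sec, &lvl);
    pc_level |= lvl;                          /* branching on a secret taints the context */
    int rc = cond ? ifc_store(pub, 1, PUBLIC) : ifc_store(pub, 0, PUBLIC);
    pc_level = saved;                         /* restored at the join point */
    return rc;
}

int main(void) {
    int pub = 0, sec = 42;                    /* constructed sample data */
    tagged_t p = tag_ptr(&pub, PUBLIC), s = tag_ptr(&sec, SECRET);
    printf("explicit=%d implicit=%d\n", copy_flow(p, s), implicit_flow(p, s));
    printf("secret:=public=%d pub=%d\n", copy_flow(s, p), pub);
    return 0;
}
```

Both illegal writes are blocked and `pub` keeps its old value, while the upward flow `secret := public` is permitted.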