Computer Security Applications Conference, Annual (2006)
Miami Beach, Florida, USA
Dec. 11, 2006 to Dec. 15, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.22
Tejas Khatiwala, University of Illinois, Chicago, USA
Raj Swaminathan, University of Illinois, Chicago, USA
V.N. Venkatakrishnan, University of Illinois, Chicago, USA
When an application reads private / sensitive information and subsequently communicates on an output channel such as a public file or a network connection, how can we ensure that the data written is free of private information? In this paper, we address this question in a practical setting through the use of a technique that we call "data sandboxing". Essentially, data sandboxing is implemented using the popular technique of system call interposition to mediate output channels used by a program. To distinguish between private and public data, the program is partitioned into two: one that contains all the instructions that handle sensitive data and the other containing the rest of the instructions. This partitioning is performed based on techniques from program slicing. When run together, these two programs collectively replace the original program. To address confidentiality, these programs are sandboxed with different system call interposition based policies. We discuss the design and implementation of a tool that enforces confidentiality policies on C programs using this technique. We also report our experiences in using our tool over several programs that handle confidential data.
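The following is an added example, not code from the paper or its tool, showing the sandboxing half of the design in miniature: the slice that handles sensitive data runs under a system-call policy that refuses write(2) on every descriptor except its one private channel, so the secret it holds cannot reach a public file or socket. The interposition mechanism here is Linux seccomp-bpf, which postdates the 2006 paper; the paper's tool used its own interposition layer. The secret, the pipes standing in for the private and public channels, and the function names are all constructed for the example, and the partition is modelled as a child process rather than a program produced by slicing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Policy for the private partition: every syscall is allowed, except that
 * write(2) on any descriptor other than allowed_fd fails with EPERM.  The
 * partition therefore cannot emit anything on a public channel. */
static int install_private_policy(int allowed_fd)
{
    struct sock_filter filter[] = {
        /* refuse to run under a foreign ABI (syscall numbers would differ) */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* anything but write(2) passes through untouched */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 0, 3),
        /* write(2): compare the fd argument with the single private channel */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)allowed_fd, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof filter / sizeof filter[0],
        .filter = filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run the private partition in a child under the policy above.  The child
 * holds a secret (constructed inline, standing in for data read from a
 * private file), tries to write it to a public channel, then reports on its
 * private channel; the parent observes both channels.
 * Returns 1 if the policy held (public write -> EPERM, nothing reached the
 * public channel, private write succeeded), 0 if the secret leaked, -1 on
 * setup failure (e.g. seccomp-bpf unavailable on this kernel). */
int run_private_partition(void)
{
    int priv[2], pub[2];
    if (pipe(priv) != 0 || pipe(pub) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(priv[0]);
        close(pub[0]);
        const char secret[] = "SECRET:4111-1111-1111-1111"; /* constructed sample */
        if (install_private_policy(priv[1]) != 0)
            _exit(2);
        /* 1. the leak attempt: a public channel (socket, world-readable file, ...) */
        ssize_t n = write(pub[1], secret, sizeof secret - 1);
        int err = (n < 0) ? errno : 0;
        /* 2. the only permitted output: report the outcome on the private channel */
        char report[32];
        int len = snprintf(report, sizeof report, "%zd %d", n, err);
        if (write(priv[1], report, (size_t)len) != len)
            _exit(3);
        _exit(0);
    }
    close(priv[1]);
    close(pub[1]);
    char report[32] = {0}, leaked[64];
    ssize_t got = read(priv[0], report, sizeof report - 1);
    ssize_t leak = read(pub[0], leaked, sizeof leaked); /* 0 == EOF: nothing arrived */
    int status = 0;
    waitpid(pid, &status, 0);
    close(priv[0]);
    close(pub[0]);
    if (got <= 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    long n;
    int err;
    if (sscanf(report, "%ld %d", &n, &err) != 2)
        return -1;
    return (n == -1 && err == EPERM && leak == 0) ? 1 : 0;
}

int main(void)
{
    int r = run_private_partition();
    printf("private partition policy %s\n",
           r == 1 ? "held: public write refused with EPERM" :
           r == 0 ? "FAILED: secret reached the public channel" :
                    "could not be installed (seccomp-bpf unavailable?)");
    return r == 1 ? 0 : 1;
}
```

Two caveats for anyone reproducing the design with this mechanism. First, the complementary policy for the public partition (it may write anywhere but must not read the private file) is a policy on open(2)/openat(2) by path, and a BPF filter cannot dereference the pathname pointer, so that half needs a supervisor that can inspect arguments (ptrace, or a user-space notifier such as seccomp's SECCOMP_RET_USER_NOTIF) rather than an in-kernel argument check. Second, the abstract says only that the two partitions run together; how declassified data crosses from the private to the public partition is a design decision this example does not settle, and the single permitted descriptor is exactly the place where that channel must be mediated.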
V. Venkatakrishnan, T. Khatiwala and R. Swaminathan, "Data Sandboxing: A Technique for Enforcing Confidentiality Policies," 2006 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, FL, 2006, pp. 223-234.