INVESTIGADORES
JASKELIOFF Mauro Javier
congresos y reuniones científicas
Título:
Monitoring Reactive Systems with Dynamic Channels
Autor/es:
DANTE ZANARINI; MAURO JASKELIOFF
Lugar:
Uppsala
Reunión:
Workshop; Ninth Workshop on Programming Languages and Analysis for Security; 2014
Resumen:
Given the increasingly sensitive data that web applications deal with, a
lot of attention has been put into their security. Dynamic methods for
ensuring confidentiality of secret data, such as monitors, are usually
preferred due to their permissiveness and ability to adapt to dynamic
features of web languages. One dynamic approach to confidentiality is
through secure multi-execution, a technique which transforms programs
into secure ones. A recent refinement of this technique led to a monitor
for reactive systems such as web applications which is precise, in
the sense that it raises an alarm exactly when a security condition is
violated, and transpar- ent, in the sense that the semantics of secure
programs is preserved. A limitation of this and other approaches based
on secure multi-execution is that there is a fixed set of channels
with a fixed security level. However, most web applica- tions create
channels dynamically, even by doing something as trivial as adding a
button to a page. Moreover, the security level of such new channel would
be chosen dynamically. In this work, we overcome the limitation of
assuming a fixed set of channels and introduce a model of reactive
systems with dynamic channels and present a precise and transparent
monitor for it.