Conference Paper

PinUP: Pinning User Files to Known Applications

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA
DOI: 10.1109/ACSAC.2008.41 Conference: Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Source: DBLP

ABSTRACT Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications, any malcode present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations indicate that common applications often adhere to recognizable workflows on user data. In this paper, we take advantage of this reality by developing protection mechanisms that "pin'' user files to the applications that may use them. These mechanisms restrict access to user data to explicitly stated workflows--thus preventing malcode from exploiting user data not associated with that application. We describe our implementation of PinUP on the Linux Security Modules framework, explore its performance, and study several practical use cases. Through these activities, we show that user data can be protected from untrusted applications while retaining the ability to receive the benefits of those applications.

  • Source
    5th International Conference on Trust and Trustworthy Computing (TRUST); 06/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Discretionary Access Control (DAC) is the primary access control mechanism in today’s major operating systems. It is, however, vulnerable to Trojan Horse attacks and attacks exploiting buggy software. We propose to combine the discretionary policy in DAC with the dynamic information flow techniques in MAC, therefore achieving the best of both worlds, that is, the DAC’s easy-to-use discretionary policy specification and MAC’s defense against threats caused by Trojan Horses and buggy programs. We propose the Information Flow Enhanced Discretionary Access Control (IFEDAC) model that implements this design philosophy. We describe our design of IFEDAC, and discuss its relationship with the Usable Mandatory Integrity Protection (UMIP) model proposed earlier by us. In addition, we analyze their security property and their relationships with other protection systems. We also describe our implementations of IFEDAC in Linux and the evaluation results and deployment experiences of the systems.
    ACM Trans. Inf. Syst. Secur. 01/2011; 14:24.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Modern OSes such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. Tasks are often completed by stringing together a collection of purpose-specific user applications (e.g., a barcode reader, a social networking app, a document viewer). As users direct this workflow between applications, it is difficult to predict the consequence of each step. Poor selection may result in accidental information disclosure when the target application unknowingly uses cloud services. This paper presents Aquifer as a policy framework and system for preventing accidental information disclosure in modern operating systems. In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task. In doing so, Aquifer provides protection beyond simple permission checks and allows applications to retain control of data even after it is shared.
    Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security; 11/2013

Full-text (3 Sources)

Available from