Abstract
A grand challenge in information protection is how to preserve the confidentiality of sensitive information under spyware surveillance. This problem has not been well addressed by the existing access-control mechanisms, which cannot prevent the spyware already in a system from monitoring an authorized party's interactions with sensitive data. Our answer to this challenge is PRECIP, a new security policy model which takes a first step towards practical and retrofittable confidential information protection. This model is designed to offer efficient online protection for commercial applications and operating systems. It is intended to be retrofitted to these applications and systems without modifying their code. To this end, PRECIP addresses several practical issues that are critical to containing spyware surveillance but are not well handled by previous work in access control and information-flow security. Examples include the models for human input devices such as the keyboard, whose sensitivity level must be dynamically determined; other shared resources such as the clipboard and screen, which must be accessed by different processes; and multitasked processes, which work on public and sensitive data concurrently. We applied PRECIP to Windows XP to protect the applications for editing or viewing sensitive documents and browsing sensitive websites. We demonstrate that our implementation works effectively against a wide spectrum of spyware, including keyloggers, screen grabbers and file stealers. We also evaluated the overheads of our technique, which are shown to be very small.
Original language | English |
---|---|
State | Published - 2008 |
Externally published | Yes |
Event | 15th Symposium on Network and Distributed System Security, NDSS 2008 - San Diego, United States Duration: Feb 10 2008 → Feb 13 2008 |
Conference
Conference | 15th Symposium on Network and Distributed System Security, NDSS 2008 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 02/10/08 → 02/13/08 |
Funding
The authors thank Xuxian Jiang and anonymous reviewers for their comments on the draft of the paper. This work was supported in part by the National Science Foundation the Cyber Trust program under Grant No. CNS-0716292. Ninghui Li was supported by NSF CNS-0448204.
Funders | Funder number |
---|---|
National Science Foundation the Cyber Trust | CNS-0716292 |
National Science Foundation | CNS-0448204 |