PRECIP: Towards Practical and Retrofittable Confidential Information Protection

Xiao Feng Wang, Zhuowei Li, Ninghui Li, Jong Youl Choi

Research output: Contribution to conferencePaperpeer-review

11 Scopus citations

Abstract

A grand challenge in information protection is how to preserve the confidentiality of sensitive information under spyware surveillance. This problem has not been well addressed by the existing access-control mechanisms which cannot prevent the spyware already in a system from monitoring an authorized party’s interactions with sensitive data. Our answer to this challenge is PRECIP, a new security policy model which takes a first step towards practical and retrofittable confidential information protection. This model is designed to offer efficient online protection for commercial applications and operating systems. It intends to be retrofitted to these applications and systems without modifying their code. To this end, PRECIP addresses several practical issues critical to containing spyware surveillance, which however are not well handled by the previous work in access control and information-flow security. Examples include the models for human input devices such as keyboard whose sensitivity level must be dynamically determined, other shared resources such as clipboard and screen which must be accessed by different processes, and the multitasked processes which work on public and sensitive data concurrently. We applied PRECIP toWindows XP to protect the applications for editing or viewing sensitive documents and browsing sensitive websites. We demonstrate that our implementation works effectively against a wide spectrum of spyware, including keyloggers, screen grabbers and file stealers. We also evaluated the overheads of our technique, which are shown to be very small.

Original languageEnglish
StatePublished - 2008
Externally publishedYes
Event15th Symposium on Network and Distributed System Security, NDSS 2008 - San Diego, United States
Duration: Feb 10 2008Feb 13 2008

Conference

Conference15th Symposium on Network and Distributed System Security, NDSS 2008
Country/TerritoryUnited States
CitySan Diego
Period02/10/0802/13/08

Funding

The authors thank Xuxian Jiang and anonymous reviewers for their comments on the draft of the paper. This work wassupported in part bythe National Science Foundation the Cyber Trust program under Grant No. CNS-0716292. Ninghui Li was supported by NSF CNS-0448204.

FundersFunder number
National Science Foundation the Cyber TrustCNS-0716292
National Science FoundationCNS-0448204

    Fingerprint

    Dive into the research topics of 'PRECIP: Towards Practical and Retrofittable Confidential Information Protection'. Together they form a unique fingerprint.

    Cite this