FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2486502170> ?p ?o ?g. }

• W2486502170 abstract "In today's computing environment, we use various applications on our various computing devices to process our data. However, we can only implicitly trust that the applications do not do anything harmful or violate our desired confidentiality policy for the data, especially when those applications are run on today's feature-rich and monolithic commodity operating systems. In this thesis, we present two approaches—with and without modifying the applications—that aim to provide data confidentiality protection after the data is given to an authorized recipient—a problem which we refer to as illegal secondary dissemination. We also aim for the protection of the data throughout its lifetime. The first approach follows the school of thought of providing a secure execution compartment for the security-critical part of an application. We propose to use the hardware to directly protect a trusted component of an application, which in turn controls access to the protected data, on top of an untrusted operating system. We devise a methodology for trust-partitioning an existing application into the trusted component, leaving the rest of the application untrusted. The trusted component can be used to implement the desired confidentiality policy for our sensitive data and guarantee that the policy is enforced for the lifetime of the data. We demonstrate this first approach by showing how the difficult-to-achieve originator-controlled (ORCON) access control policy can be enforced with the real-world vi editor. Our first approach essentially ties the protected data with the trusted part of the application that is protected by the hardware. However, this results in the inconvenience of having to use only a particular application to access the protected data, limiting the portability and availability of the data. Therefore, my second approach removes the applications from the trust chain and provides an application-independent secure data compartment that tracks and protects the data in the hardware, no matter which untrusted application or authorized recipient is given access to the data. We use the flexibility of software to interpret and translate high-level policies to low-level semantics that the hardware understands, and we use the hardware to persistently track the usage of the sensitive data and to control the output of the sensitive data from the machine. We have prototyped the architecture on the OpenSPARC processor platform and show how unmodified third-party applications can be run while various data-specific high-level policies can be enforced on the sensitive data. My second approach leverages a technique called Dynamic Information Flow Tracking (DIFT), which has been shown to be a powerful technique for computer security, covering both integrity and confidentiality applications. However, the false-positives and false-negatives of DIFT techniques have hindered its practical adoption and usability. We take a deeper look at the practicality and usability issues of DIFT and explore various techniques to address the false positives and false negatives, arising from the undecidability of conditional branches, which is a type of implicit information flow that is particularly hard to solve dynamically. We propose various micro-architectural and hybrid software-hardware solutions using only the application binaries and show how the combination of these solutions help build a practical and usable DIFT system." @default.
• W2486502170 created "2016-08-23" @default.
• W2486502170 creator A5035657440 @default.
• W2486502170 creator A5071964645 @default.
• W2486502170 date "2012-01-01" @default.
• W2486502170 modified "2023-10-16" @default.
• W2486502170 title "Architecture for data-centric security" @default.
• W2486502170 cites W104209573 @default.
• W2486502170 cites W12569816 @default.
• W2486502170 cites W1499241274 @default.
• W2486502170 cites W1500225871 @default.
• W2486502170 cites W1515790419 @default.
• W2486502170 cites W1574149717 @default.
• W2486502170 cites W1603573844 @default.
• W2486502170 cites W183168643 @default.
• W2486502170 cites W1866262938 @default.
• W2486502170 cites W1964154990 @default.
• W2486502170 cites W1969275903 @default.
• W2486502170 cites W1978703818 @default.
• W2486502170 cites W1986789244 @default.
• W2486502170 cites W1989786317 @default.
• W2486502170 cites W2014589236 @default.
• W2486502170 cites W2017960359 @default.
• W2486502170 cites W2020974839 @default.
• W2486502170 cites W2027135600 @default.
• W2486502170 cites W2036601091 @default.
• W2486502170 cites W2037017056 @default.
• W2486502170 cites W2043944888 @default.
• W2486502170 cites W2049884757 @default.
• W2486502170 cites W2068189899 @default.
• W2486502170 cites W2083228150 @default.
• W2486502170 cites W2086234010 @default.
• W2486502170 cites W2088923183 @default.
• W2486502170 cites W2097404228 @default.
• W2486502170 cites W2100666033 @default.
• W2486502170 cites W2105598683 @default.
• W2486502170 cites W2107890513 @default.
• W2486502170 cites W2111506684 @default.
• W2486502170 cites W2119251836 @default.
• W2486502170 cites W2122049982 @default.
• W2486502170 cites W2123553986 @default.
• W2486502170 cites W2128159601 @default.
• W2486502170 cites W2129482816 @default.
• W2486502170 cites W2131129639 @default.
• W2486502170 cites W2131284883 @default.
• W2486502170 cites W2132185316 @default.
• W2486502170 cites W2132461047 @default.
• W2486502170 cites W2133383336 @default.
• W2486502170 cites W2133422510 @default.
• W2486502170 cites W2137622193 @default.
• W2486502170 cites W2140972824 @default.
• W2486502170 cites W2143285027 @default.
• W2486502170 cites W2144789413 @default.
• W2486502170 cites W2147235282 @default.
• W2486502170 cites W2147448476 @default.
• W2486502170 cites W2150709728 @default.
• W2486502170 cites W2151135920 @default.
• W2486502170 cites W2153437389 @default.
• W2486502170 cites W2153497135 @default.
• W2486502170 cites W2153553074 @default.
• W2486502170 cites W2154022444 @default.
• W2486502170 cites W2154909745 @default.
• W2486502170 cites W2156030242 @default.
• W2486502170 cites W2160708122 @default.
• W2486502170 cites W2163706363 @default.
• W2486502170 cites W2167804035 @default.
• W2486502170 cites W2170961388 @default.
• W2486502170 cites W2171934742 @default.
• W2486502170 cites W2401617229 @default.
• W2486502170 cites W2540404521 @default.
• W2486502170 cites W2787898597 @default.
• W2486502170 cites W2911424200 @default.
• W2486502170 cites W2912869995 @default.
• W2486502170 cites W2914572864 @default.
• W2486502170 cites W3110167331 @default.
• W2486502170 cites W33043110 @default.
• W2486502170 cites W68569306 @default.
• W2486502170 cites W77946476 @default.
• W2486502170 cites W86730287 @default.
• W2486502170 cites W2000669172 @default.
• W2486502170 cites W2105528199 @default.
• W2486502170 cites W2124518285 @default.
• W2486502170 cites W2482363909 @default.
• W2486502170 hasPublicationYear "2012" @default.
• W2486502170 type Work @default.
• W2486502170 sameAs 2486502170 @default.
• W2486502170 citedByCount "2" @default.
• W2486502170 countsByYear W24865021702013 @default.
• W2486502170 countsByYear W24865021702015 @default.
• W2486502170 crossrefType "journal-article" @default.
• W2486502170 hasAuthorship W2486502170A5035657440 @default.
• W2486502170 hasAuthorship W2486502170A5071964645 @default.
• W2486502170 hasConcept C111919701 @default.
• W2486502170 hasConcept C121332964 @default.
• W2486502170 hasConcept C140547941 @default.
• W2486502170 hasConcept C154908896 @default.
• W2486502170 hasConcept C168167062 @default.
• W2486502170 hasConcept C2776831232 @default.
• W2486502170 hasConcept C2777407602 @default.
• W2486502170 hasConcept C38652104 @default.

• next