1 / 9

PC+DDFA Integration Process: Racing Against Data Leakage

Dive into the process-level information flow via PC and DDFA integration, discovering the impact of color tainting on sensitive files. Explore a motivating scenario through NICECAP PI meeting examples, merging PC and DDFA for enhanced data tracking. Witness the evolution of process coloring and DDFA's role in confidential data management, all demonstrated in the NICECAP PI meeting. Join SwRI and UTexas in making DDFA color-aware, experiment with PCManFM, and attend integration meetings shaping data security on September 8th, 2008. Uncover the risks of data leakage and the benefits of color-aware processes in a dynamic PC+DDFA environment.

lolita
Download Presentation

PC+DDFA Integration Process: Racing Against Data Leakage

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Process Coloring and DDFA Integration Presenter: Ryan Riley NICECAP PI Meeting

  2. A Motivating Scenario turbotax Tax warcraft Games PCfalse alert “Sensitive file should never leave this computer” notepad Editor outlook Email Sensitive Date files Tax files My photo File Manager NICECAP PI Meeting

  3. PC or DDFA Alone Cannot Solve It • PC  Process-level information flow treating processes as blackboxes  Overly conservative color tainting  Color tainting across processes • DDFA  Language-level information flow confined within one process  Not aware of colors across the system  Fine-grain data flow tracking within a process NICECAP PI Meeting

  4. Example: Without “PC+DDFA” Integration Process Process File 1 New file File 2 NICECAP PI Meeting

  5. Example: With “PC+DDFA” Integration push_color(new_file, ) File 1 New file Process (w/ DDFA) New file File 2 fetch_color(file1) fetch_color(file2) Process Coloring (Operating System level) NICECAP PI Meeting

  6. Example Scenario Tasks • SWRI+UTexas • Making DDFA color-aware • Instrumenting a real-world file manager PCManFM with DDFA capability • Purdue • Implementing fetch_color()and push_color()in PC • Testing instrumented PCManFMin living lab VM • Integration Meeting • September 8th, 2008 SwRI visited Purdue NICECAP PI Meeting

  7. PCManFM Sensitive Financial Information NICECAP PI Meeting

  8. 3 Colors – Bad. Flow Graphs • Process Coloring Without DDFA NICECAP PI Meeting

  9. Flow Graphs 1 Color – Good. Process Coloring With DDFA September 24, 2008 NICECAP PI Meeting 9

More Related