Implementing Erasure Policies using Taint Analysis. Del Tedesco, F., Russo, A., & Sands, D. In Information Security Technology for Applications (Selected papers from the 15th Nordic Conference on Secure IT Systems, 2010), volume 7127 of LNCS, pages 193–209. Springer International Publishing, 2012.

Abstract: Security or privacy-critical applications often require access to sensitive information in order to function. But in accordance with the principle of least privilege — or perhaps simply for legal compliance — such applications should not retain said information once it has served its purpose. In such scenarios, the timely disposal of data is known as an information erasure policy. This paper studies software-level information erasure policies for the data manipulated by programs. The paper presents a new approach to the enforcement of such policies. We adapt ideas from dynamic taint analysis to track how sensitive data sources propagate through a program and erase them on demand. The method is implemented for Python as a library, with no modifications to the runtime system. The library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.
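@incollection{DelTedesco+:ErasureTaint,
  author    = {Del Tedesco, Filippo and Russo, Alejandro and Sands, David},
  title     = {Implementing Erasure Policies using Taint Analysis},
  booktitle = {Information Security Technology for Applications (Selected papers from the 15th {Nordic} Conference on Secure {IT} Systems, 2010)},
  series    = {LNCS},
  volume    = {7127},
  pages     = {193--209},
  publisher = {Springer International Publishing},
  year      = {2012},
  url_Paper = {http://www.cse.chalmers.se/~dave/papers/erasureTaint.pdf},
  abstract  = {Security or privacy-critical applications often require access to sensitive
    information in order to function. But in accordance with the principle of least
    privilege --- or perhaps simply for legal compliance --- such applications should
    not retain said information once it has served its purpose. In such scenarios, the
    timely disposal of data is known as an information erasure policy. This paper
    studies software-level information erasure policies for the data manipulated by
    programs. The paper presents a new approach to the enforcement of such policies.
    We adapt ideas from dynamic taint analysis to track how sensitive data sources
    propagate through a program and erase them on demand. The method is implemented
    for Python as a library, with no modifications to the runtime system. The
    library is easy to use, and allows programmers to indicate information-erasure
    policies with only minor modifications to their code.},
}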
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
{"_id":"RiDCu6ZGR5zpMx6EW","bibbaseid":"deltedesco-russo-sands-implementingerasurepoliciesusingtaintanalysis-2012","downloads":0,"creationDate":"2017-02-03T08:24:26.793Z","title":"Implementing Erasure Policies using Taint Analysis","author_short":["Del Tedesco, F.","Russo, A.","Sands, D."],"year":2012,"bibtype":"incollection","biburl":"http://www.cse.chalmers.se/~dave/davewww2016.bib","bibdata":{"bibtype":"incollection","type":"incollection","title":"Implementing Erasure Policies using Taint Analysis","author":[{"propositions":[],"lastnames":["Del","Tedesco"],"firstnames":["Filippo"],"suffixes":[]},{"propositions":[],"lastnames":["Russo"],"firstnames":["Alejandro"],"suffixes":[]},{"propositions":[],"lastnames":["Sands"],"firstnames":["David"],"suffixes":[]}],"booktitle":"Information Security Technology for Applications (Selected papers from the 15th Nordic Conference on Secure IT Systems, 2010)","pages":"193--209","series":"LNCS","volume":"7127","year":"2012","publisher":"Springer International Publishing","url_paper":"http://www.cse.chalmers.se/~dave/papers/erasureTaint.pdf","abstract":"Security or privacy-critical applications often require access to sensitive information in order to function. But in accordance with the principle of least privilege -– or perhaps simply for legal compliance -– such applications should not retain said information once it has served its purpose. In such scenarios, the timely disposal of data is known as an information erasure policy. This paper studies software-level information erasure policies for the data manipulated by programs. The paper presents a new approach to the enforcement of such policies. We adapt ideas from dynamic taint analysis to track how sensitive data sources propagate through a program and erase them on demand. The method is implemented for Python as a library, with no modifications to the runtime system. 
The library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.","bibtex":"@incollection{DelTedesco+:ErasureTaint,\n title={Implementing Erasure Policies using Taint Analysis},\n author={Del Tedesco, Filippo and Russo, Alejandro and Sands, David},\n booktitle={Information Security Technology for Applications (Selected papers from the 15th Nordic Conference on Secure IT Systems, 2010)},\n pages={193--209},\n series = {LNCS},\n volume = 7127,\n year={2012},\n publisher={Springer International Publishing},\n url_Paper = \t {http://www.cse.chalmers.se/~dave/papers/erasureTaint.pdf},\n abstract = {Security or privacy-critical applications often require access to sensitive\ninformation in order to function. But in accordance with the principle of least\nprivilege -– or perhaps simply for legal compliance -– such applications should\nnot retain said information once it has served its purpose. In such scenarios, the\ntimely disposal of data is known as an information erasure policy. This paper\nstudies software-level information erasure policies for the data manipulated by\nprograms. The paper presents a new approach to the enforcement of such policies.\nWe adapt ideas from dynamic taint analysis to track how sensitive data sources\npropagate through a program and erase them on demand. The method is implemented\nfor Python as a library, with no modifications to the runtime system. 
The\nlibrary is easy to use, and allows programmers to indicate information-erasure\npolicies with only minor modifications to their code.} \n}\n\n\n%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n","author_short":["Del Tedesco, F.","Russo, A.","Sands, D."],"key":"DelTedesco+:ErasureTaint","id":"DelTedesco+:ErasureTaint","bibbaseid":"deltedesco-russo-sands-implementingerasurepoliciesusingtaintanalysis-2012","role":"author","urls":{" paper":"http://www.cse.chalmers.se/~dave/papers/erasureTaint.pdf"},"downloads":0},"search_terms":["implementing","erasure","policies","using","taint","analysis","del tedesco","russo","sands"],"keywords":[],"authorIDs":["58943e3a2f18920f4c000022"],"dataSources":["SBHWXKotbthoEYKJv"]}