Sound and Precise Cross-Layer Data Flow Tracking

We present a general model that connects runtime monitors for data flow tracking at different abstraction layers (e.g. a browser, a mail client, an operating system) and show that this model is sound with respect to a formal notion of explicit information flow. This is useful because, although the semantics of higher-level events at a single layer can be exploited to increase the precision of the analysis, other abstraction levels need to be considered as well in order to obtain system-wide guarantees. For instance, to soundly reason about the flow of a picture from the network through a browser into a cache file or a window on the screen, analysis results from multiple layers need to be combined.      «

We present a general model that connects runtime monitors for data flow tracking at different abstraction layers (e.g. a browser, a mail client, an operating system) and show that this model is sound with respect to a formal notion of explicit information flow. This is useful because, although the semantics of higher-level events at a single layer can be exploited to increase the precision of the analysis, other abstraction levels need to be considered as well in order to obtain system-wide guar...     »