Improving information flow control design with security contexts
DownloadFull printable version (932.4Kb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Srini Devadas.
Terms of use
Metadata
Show full item recordAbstract
This thesis outlines a new language feature for Ruby: the security context, which enables complex information flow control schemes to be written in Ruby without modification to the virtual machine. Security contexts are Ruby objects that act as transparent proxies and can be attached to other objects, allowing them to seamlessly modify parameters and return values into and out of those objects' methods. Security contexts are demonstrated to be simple and effective in creating two flow control applications that would otherwise pose significant challenge to build: taint tracking as a Ruby library, and data flow assertions for Ruby on Rails applications. The performance of these systems was benchmarked while running as a part of a Rails application, and reached acceptable performance: taint tracking had no impact on performance, and data flow assertions saw a 50% throughput decrease, while providing considerable protection against privacy leaks and security vulnerabilities.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 83-85).
Date issued
2015Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.