A PROGRAM PARTITIONING TECHNIQUE FOR ENFORCEMENT OF CONFIDENTIALITY POLICIES
BY TEJAS R. KHATIWALA B.E., South Gujarat University at Surat, 2003.
THESIS Submitted as partial fulfillment of the requirements for the degree of Master of Science in Computer Science
in the Graduate College of the University of Illinois at Chicago, 2006
Chicago, Illinois
Copyright by Tejas R. Khatiwala
2006
To my parents and their fathers.
ACKNOWLEDGMENTS
I would like to thank my advisor, Prof. V.N. Venkatakrishnan, for his guidance and patience during the course of the thesis. It would not have been possible to reach this stage but for his support. I would like to thank my thesis committee members - Prof. Jon Solworth and Prof. A. Prasad Sistla - for their time and support.
I would specially like to thank my friend Raj for many engaging discussions and giving a helping hand with development which helped me refine our implementation.
TRK
TABLE OF CONTENTS
1 INTRODUCTION
2 APPROACH OVERVIEW
    2.1 System overview
    2.2 Security Policy Specifications
    2.3 Analysis
3 PARTITIONING
    3.1 Introduction and generation of private zone
    3.2 Generation of public zone
    3.3 Analysis for state exchange between zones
    3.4 Generation of checks that makes use of runtime information
    3.5 Pseudo code for partition engine
4 SERIALIZATION
    4.1 Implementation
        4.1.1 Basic idea of serialization
        4.1.2 Serialization and data types
        4.1.3 Pointers
        4.1.4 Arrays
        4.1.5 Structures
        4.1.6 Analysis of recursive structures
        4.1.7 The Messaging Protocol
        4.1.8 The hash-table
        4.1.9 Code generation
    4.2 Limitations
5 EVALUATION
    5.1 Policy enforcement evaluation
        5.1.1 Linux-Monitor
        5.1.2 Htpasswd
        5.1.3 Mediachat
        5.1.4 chfn, chsh, passwd
    5.2 Evaluation
        5.2.1 Micro benchmark on the domain transfer operation
    5.3 Overall performance measurements
        5.3.1 Performance Improvements