Khatiwala Tejas
University of Illinois at Chicago
USA

Raj Swaminathan
University of Illinois at Chicago
USA

V.N. Venkatakrishnan
University of Illinois at Chicago
USA

When an application that reads private information
communicates on an output channel such as a file or a network
connection that is visible, how can we ensure that the data written
is free of private information? We address this question for a
practical setting in this paper through the use of a technique
called {\em data sandboxing} . Essentially, data sandboxing uses the
popular technique of system call interposition to mediate
communication channels. To distinguish between sensitive and public
data in programs, we partition the program into two programs and
enforce different confidentiality policy requirements on them. We perform such partitioning based on techniques from program analysis and slicing. We discuss the design and implementation of a tool that enforces confidentiality policies on C programs using this technique. We report our experiences in using our tool over several examples that span several thousand lines of code.

Keywords: Privacy, Confidentiality, Program analysis, Sandboxing

Read Paper (in PDF)