The references in the lecture make good reading material.
Schwartz, Avgerinos and Brumley, All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask), IEEE Symposium on Security and Privacy, 2010.
This paper explains tainting with a simple operational semantics.
Watch the TaintDroid demo video (dynamic taint tracking on Android).
Read about the Jif extension to Java which adds labels that express restrictions on how information may be used.
The FlowDroid web page describes a static information flow tracking tool for Android.
Sabelfeld and Myers, Language-Based Information-Flow Security, IEEE Journal on Selected Areas In Communications, 21(1), 2003.
See the homepage of Andrei Sabelfeld for more papers on this topic.
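To make the operational-semantics view of tainting concrete (the Schwartz, Avgerinos and Brumley paper above) and to show the explicit/implicit flow distinction that the language-based work of Sabelfeld and Myers addresses, here is a minimal dynamic taint tracker for a tiny imperative language. It is an added example, not code from the page or from either paper: the language, the tuple encoding of statements, the names and the three constructed programs are all my own. Every value carries a taint bit, each evaluation rule says how taint propagates, and the policy checked at the sink is the classic one, no tainted jump targets. The third program shows why plain dynamic tainting under-taints: the value of y depends on the input only through a branch, so it reveals something about x but is never marked tainted.

```python
"""Added example (not from the page or the cited papers): a minimal dynamic taint
tracker for a tiny imperative language, in the style of an operational semantics.
Every runtime value is a pair (concrete value, taint bit); each evaluation rule
says how taint propagates, and a taint policy is checked at a sink. The language,
statement encoding, function names and sample programs below are my own."""
from dataclasses import dataclass


@dataclass(frozen=True)
class V:
    """A value together with its taint status (True = derived from untrusted input)."""
    val: int
    tainted: bool


class TaintViolation(Exception):
    """Raised when the policy rejects a tainted value at a sink."""


class Interp:
    """Expressions: ('const', n) | ('var', x) | ('input',) | ('binop', op, e1, e2) | ('load', e)
    Statements:  ('assign', x, e) | ('store', addr_e, e) | ('goto', e)
                 | ('cjmp', cond_e, target_index) | ('halt',)"""

    OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

    def __init__(self, inputs):
        self.env, self.mem = {}, {}
        self.inputs = iter(inputs)          # the untrusted channel (the taint source)
        self.pc = 0

    def eval(self, e):
        kind = e[0]
        if kind == "const":                 # literals are never tainted
            return V(e[1], False)
        if kind == "var":
            return self.env[e[1]]
        if kind == "input":                 # taint source: taint is introduced here
            return V(next(self.inputs), True)
        if kind == "binop":                 # result tainted iff either operand is
            a, b = self.eval(e[2]), self.eval(e[3])
            return V(self.OPS[e[1]](a.val, b.val), a.tainted or b.tainted)
        if kind == "load":                  # taint of the cell, plus taint of the address
            addr = self.eval(e[1])
            cell = self.mem.get(addr.val, V(0, False))
            return V(cell.val, cell.tainted or addr.tainted)
        raise ValueError(f"unknown expression {kind}")

    def run(self, prog, max_steps=10_000):
        for _ in range(max_steps):
            if self.pc >= len(prog):
                break
            s = prog[self.pc]
            kind = s[0]
            if kind == "assign":
                self.env[s[1]] = self.eval(s[2])
            elif kind == "store":
                addr, v = self.eval(s[1]), self.eval(s[2])
                self.mem[addr.val] = v
            elif kind == "goto":            # sink: the policy forbids a tainted jump target
                target = self.eval(s[1])
                if target.tainted:
                    raise TaintViolation(f"tainted jump target {target.val} at pc={self.pc}")
                self.pc = target.val
                continue
            elif kind == "cjmp":            # branch on a (possibly tainted) condition; plain
                if self.eval(s[1]).val != 0:    # taint tracking does NOT propagate the
                    self.pc = s[2]          # condition's taint to what the branch assigns
                    continue
            elif kind == "halt":
                break
            else:
                raise ValueError(f"unknown statement {kind}")
            self.pc += 1
        return self.env


def run_program(prog, inputs):
    """Return ('ok', final environment) or ('violation', message)."""
    try:
        return "ok", Interp(inputs).run(prog)
    except TaintViolation as ex:
        return "violation", str(ex)


def demo_explicit_flow():
    # constructed program: y is computed from the input x, z only from constants
    prog = [("assign", "x", ("input",)),
            ("assign", "y", ("binop", "+", ("var", "x"), ("const", 1))),
            ("assign", "z", ("binop", "*", ("const", 2), ("const", 3))),
            ("goto", ("const", 4)),         # constant target: allowed by the policy
            ("halt",)]
    return run_program(prog, [41])


def demo_control_hijack():
    # constructed program: the jump target is derived from input, so the policy fires
    prog = [("assign", "x", ("input",)),
            ("goto", ("binop", "+", ("var", "x"), ("const", 0)))]
    return run_program(prog, [1])


def demo_implicit_flow(secret):
    # constructed program: y reveals whether x == 7, yet y is never marked tainted
    prog = [("assign", "x", ("input",)),
            ("assign", "y", ("const", 0)),
            ("cjmp", ("binop", "-", ("var", "x"), ("const", 7)), 4),   # x != 7: skip to halt
            ("assign", "y", ("const", 1)),
            ("halt",)]
    return run_program(prog, [secret])
```

Running the three demos shows the two sides of the tool: demo_control_hijack is stopped with a TaintViolation, while demo_implicit_flow leaves y untainted for every input even though its value is a function of the secret. Tracking that control dependency is exactly what a static, language-based analysis (Jif, FlowDroid) is designed to add.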
The lecture briefly mentioned Content Security Policy (CSP), which a web application can send as an HTTP response header to specify a security policy: for each kind of resource (scripts, images, etc.) it lists the trusted sources from which the browser may load it. Further reading for interest:
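As an added illustration of how a CSP header is evaluated (this is my own example, not code from the page or from any browser), the following simplified evaluator parses a policy and decides whether a given fetch would be allowed. It implements a subset of the CSP source-expression rules: 'none', 'self', 'unsafe-inline', scheme sources such as https:, and host sources with a *. wildcard and optional port; nonces, hashes, path matching and report-only mode are left out. The two policies, the page origin and the URLs are constructed for the demo; the weak policy beside the strict one shows the settings a reviewer would flag.

```python
"""Added example (not from the page): a simplified Content-Security-Policy
evaluator. It parses a CSP header and decides whether a fetch would be allowed,
implementing a subset of CSP source matching: 'none', 'self', 'unsafe-inline',
scheme-source ("https:") and host-source with a "*." wildcard and optional port.
No nonces, hashes, path matching or report-only mode. Policies, page origin and
URLs are constructed for the demo; function names are my own."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# fetch directives that fall back to default-src when absent (a subset)
FALLS_BACK = {"script-src", "style-src", "img-src", "connect-src", "font-src",
              "media-src", "object-src", "frame-src", "child-src", "worker-src"}


def parse_csp(header):
    """'default-src x; script-src y z' -> {'default-src': ['x'], 'script-src': ['y', 'z']}"""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]   # nonce values are case-sensitive, keep them
    return policy


def _effective_port(u):
    return u.port or DEFAULT_PORTS.get(u.scheme)


def _host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):                  # wildcard requires at least one extra label
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern


def source_matches(expr, url, page_origin):
    """Does one source expression permit loading `url` from a page at `page_origin`?"""
    e = expr.lower()
    u, p = urlsplit(url), urlsplit(page_origin)
    if e == "'none'":
        return False
    if e == "'self'":
        return (u.scheme, u.hostname, _effective_port(u)) == \
               (p.scheme, p.hostname, _effective_port(p))
    if e.startswith("'"):                         # 'unsafe-inline', 'nonce-...', 'sha256-...'
        return False                              # never match a URL
    if e.endswith(":") and "//" not in e:         # scheme-source, e.g. "https:" or "data:"
        return u.scheme == e[:-1]
    scheme, _, rest = e.rpartition("://")         # host-source: [scheme://]host[:port]
    host, _, port = rest.partition(":")
    if scheme:
        if u.scheme != scheme:
            return False
    elif u.scheme not in (p.scheme, "https"):     # no scheme given: page's scheme, or https
        return False
    if not _host_matches(host, (u.hostname or "").lower()):
        return False
    if port == "":                                # no port given: only the scheme's default
        return _effective_port(u) == DEFAULT_PORTS.get(u.scheme)
    return port == "*" or str(_effective_port(u)) == port


def allows(policy, directive, url, page_origin):
    """True if the policy permits a fetch governed by `directive` of `url`."""
    if directive not in policy and directive in FALLS_BACK:
        directive = "default-src"
    sources = policy.get(directive)
    if sources is None:                           # no directive and no fallback: unrestricted
        return True
    return any(source_matches(s, url, page_origin) for s in sources)


def inline_scripts_allowed(policy):
    """'unsafe-inline' is honoured only when no nonce or hash source is present (CSP2+)."""
    sources = [s.lower() for s in policy.get("script-src", policy.get("default-src", []))]
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    return "'unsafe-inline'" in sources and not has_nonce_or_hash


PAGE = "https://app.example.com"                  # constructed origin of the protected page

# constructed policies: WEAK lets any host serve scripts and permits inline script
WEAK = "default-src *; script-src * 'unsafe-inline'"
STRICT = ("default-src 'none'; script-src 'self' https://cdn.example.com; "
          "img-src 'self' https:; style-src 'self'")


def check(header, directive, url, page_origin=PAGE):
    return allows(parse_csp(header), directive, url, page_origin)
```

Under STRICT a script from an unlisted host or over plain http is refused, images may come from any https origin, and a directive the policy does not mention (connect-src, say) inherits 'none' from default-src; under WEAK an injected script tag or inline handler is loaded without complaint, which is why "script-src *" and 'unsafe-inline' are the first things to look for when reviewing a policy.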
Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK. Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh.