PinUP: Pinning user files to known applications

Research output: Contribution to journalConference articlepeer-review

13 Scopus citations

Abstract

Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications, any malcode present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations indicate that common applications often adhere to recognizable workflows on user data. In this paper, we take advantage of this reality by developing protection mechanisms that "pin" user files to the applications that may use them. These mechanisms restrict access to user data to explicitly stated workflows-thus preventing malcode from exploiting user data not associated with that application. We describe our implementation of PinUP on the Linux Security Modules framework, explore its performance, and study several practical use cases. Through these activities, we show that user data can be protected from untrusted applications while retaining the ability to receive the benefits of those applications.

Original languageEnglish (US)
Article number4721544
Pages (from-to)55-64
Number of pages10
JournalProceedings - Annual Computer Security Applications Conference, ACSAC
DOIs
StatePublished - 2008
Event24th Annual Computer Security Applications Conference, ACSAC 2008 - Anaheim, CA, United States
Duration: Dec 8 2008Dec 12 2008

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'PinUP: Pinning user files to known applications'. Together they form a unique fingerprint.

Cite this