Access Control


Users commonly download, patch, and use applications such as email clients, office applications, and media players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications from each other, any malicious code present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations show that inter-application sharing is well-defined, following recognizable workflows. The degenerate and most frequent workflow exists when files are only accessed by the application that creates them; however, more complex workflows can be modeled as stages in the lifetime of data (e.g., writing, compiling, linking, and executing an application). We have also found that inter-user sharing, commonly done between systems, follows predictable patterns. This reality represents an opportunity for new protection schemes. We propose the PinUP access control overlay system that "pins" files to specific applications. More information can be found on the PinUP Page along with source code for our implementation.
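The pinning idea can be sketched as a small reference monitor. This is an added toy model, not PinUP's code or policy format: the class `PinMonitor`, the `BUILD_WORKFLOW` list, the application paths, and the rule that unpinned files fall through to the underlying system policy are all assumptions made for illustration.

```python
# Toy model of an application-pinning overlay (illustrative assumption,
# not PinUP's implementation or policy language).
from dataclasses import dataclass, field

# Constructed workflow: each stage may open files created by the stage before it
# (writing -> compiling -> linking).
BUILD_WORKFLOW = ["/usr/bin/vim", "/usr/bin/gcc", "/usr/bin/ld"]


@dataclass
class PinMonitor:
    pins: dict = field(default_factory=dict)       # file path -> set of pinned applications
    workflows: list = field(default_factory=list)  # ordered lists of application paths

    def create(self, app, path):
        """Pin a new file to its creator (the degenerate workflow) and, if the
        creator is a stage of a known workflow, to the next stage as well."""
        allowed = {app}
        for wf in self.workflows:
            if app in wf[:-1]:
                allowed.add(wf[wf.index(app) + 1])
        self.pins[path] = allowed

    def check(self, app, path):
        """Overlay decision, evaluated in addition to ordinary user permissions.
        Assumption: files with no pin are left to the underlying system policy."""
        allowed = self.pins.get(path)
        return True if allowed is None else app in allowed


def demo():
    """Run the monitor over constructed sample accesses and return the decisions."""
    m = PinMonitor(workflows=[BUILD_WORKFLOW])
    m.create("/usr/bin/thunderbird", "/home/u/mail/inbox")
    m.create("/usr/bin/vim", "/home/u/src/main.c")
    return {
        "mail_by_client": m.check("/usr/bin/thunderbird", "/home/u/mail/inbox"),
        "mail_by_player": m.check("/usr/bin/mplayer", "/home/u/mail/inbox"),
        "src_by_gcc": m.check("/usr/bin/gcc", "/home/u/src/main.c"),
        "src_by_ld": m.check("/usr/bin/ld", "/home/u/src/main.c"),
        "unpinned": m.check("/usr/bin/mplayer", "/home/u/music/a.ogg"),
    }
```

In this model a media player running with the user's full permissions is still denied the mail file, while the compiler can read the editor's output because it is the next stage of the same workflow.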