Labels and event processes in the Asbestos operating system

VanDeBogart, Steve; Efstathopoulos, Petros; Kohler, Eddie; Krohn, Maxwell; Frey, Cliff; Ziegler, David; Kaashoek, Frans; Morris, Robert; Mazières, David

doi:10.1145/1314299.1314302

Cited by 70 publications

(44 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unfortunately, despite its attractiveness, the DLM is not widely used to protect data in web applications, for example. In the operating systems domain, most of the past DLM-inspired work has relied exclusively on dynamic enforcement [21,37,39]. This is due to the dynamic nature of operating systems, which must support a changing set of users, evolving policies, and dynamically loaded code.…”

Section: Introductionmentioning

confidence: 99%

Flexible dynamic information flow control in Haskell

Stefan

Russo

Mitchell

et al. 2011

Proceedings of the 4th ACM Symposium on Haskell

Self Cite

117

177

View full text Add to dashboard Cite

We describe a new, dynamic, floating-label approach to languagebased information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. In addition, programs may encapsulate and pass around the results of computations with different labels. We give precise semantics and prove confidentiality and integrity properties of the system.

show abstract

Section: Introductionmentioning

confidence: 99%

Flexible dynamic information flow control in Haskell

Stefan

Russo

Mitchell

et al. 2011

Proceedings of the 4th ACM Symposium on Haskell

Self Cite

117

177

View full text Add to dashboard Cite

show abstract

“…Multiple operating systems support DIFC, including Asbestos [24], HiStar [26], and Flume [15]. These systems all provide low-level mechanisms that allow an application programmer to implement an information-flow policy.…”

Section: Related Workmentioning

confidence: 99%

“…Decentralized information flow control (DIFC) operating systems are a recent innovation aimed at providing applications with mechanisms for ensuring the secrecy and integrity of their data [15,24,26]. To achieve this goal, a DIFC OS associates with each process a label drawn from a partiallyordered set.…”

Section: Introductionmentioning

confidence: 99%

DIFC programs by automatic instrumentation

Harris

Jha

Reps

2010

Proceedings of the 17th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Decentralized information flow control (DIFC) operating systems provide applications with mechanisms for enforcing information-flow policies for their data. However, significant obstacles keep such operating systems from achieving widespread adoption. One key obstacle is that DIFC operating systems provide only low-level mechanisms for allowing application programmers to enforce their desired policies. It can be difficult for the programmer to ensure that their use of these mechanisms enforces their high-level policies, while at the same time not breaking the underlying functionality of the application. These are issues both for programmers who would develop new applications for a DIFC operating system and for programmers who would port existing applications to a DIFC operating system.Our work significantly eases these tasks. We present an automatic technique that takes as input a program with no DIFC code, and two policies: one that specifies prohibited information flows and one that specifies flows that must be allowed. Our technique then produces a new version of the input program that satisfies the two policies. To evaluate our technique, we created an automatic tool, called Swim (for Secure What I Mean), that implements the technique, and applied it to a set of real-world programs and policies. The results of our evaluation demonstrate that the technique is sufficiently expressive to generate code for real-world policies, and that it can generate such code efficiently. It thus represents a significant contribution towards developing systems with strong end-to-end information-flow guarantees. † Also affiliated with GrammaTech, Inc.

show abstract

“…Much work has been done in developing interprocess information-flow systems, including the systems Asbestos [16], Hi-Star [2], and Flume [3]. While the mechanisms of these systems differ, they all provide powerful low-level mechanisms based on comparison over a partially ordered set of labels, with the goal of implementing interprocess data secrecy and integrity.…”

Section: Related Workmentioning

confidence: 99%

Verifying Information Flow Control over Unbounded Processes

Harris¹,

Kidd²,

Chaki

et al. 2009

FM 2009: Formal Methods

View full text Add to dashboard Cite

Abstract. Decentralized Information Flow Control (DIFC) systems enable programmers to express a desired DIFC policy, and to have the policy enforced via a reference monitor that restricts interactions between system objects, such as processes and files. Past research on DIFC systems focused on the reference-monitor implementation, and assumed that the desired DIFC policy is correctly specified. The focus of this paper is an automatic technique to verify that an application, plus its calls to DIFC primitives, does indeed correctly implement a desired policy. We present an abstraction that allows a model checker to reason soundly about DIFC programs that manipulate potentially unbounded sets of processes, principals, and communication channels. We implemented our approach and evaluated it on a set of real-world programs.

show abstract

Labels and event processes in the Asbestos operating system

Cited by 70 publications

References 25 publications

Flexible dynamic information flow control in Haskell

Flexible dynamic information flow control in Haskell

DIFC programs by automatic instrumentation

Verifying Information Flow Control over Unbounded Processes

Contact Info

Product

Resources

About