Practical Fine-Grained Information Flow Control Using Laminar

Porter, Donald E.; Bond, Michael D.; Roy, Indrajit; McKinley, Kathryn S.; Witchel, Emmett

doi:10.1145/2638548

Cited by 12 publications

(10 citation statements)

References 58 publications

(88 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some previous work [14], [28] allows implicit declassification and endorsement. That is, if an active entity has the privilege to declassify/endorse and the privilege to return to its original state (i.e.…”

Section: Definition 3 a Label Change Noted Amentioning

confidence: 99%

“…However, for most applications, the overhead is imperceptible and lost in system noise; it is hard to measure without using kernel 3. It is not feasible to provide a comparison with the Laminar implementation [28], that is closest in technical terms to our work, as the implementation available https://github.com/ut-osa/laminar is for an obsolete kernel version 2.6.22 (07/2007). tools, as the variation between two executions may be greater than the overhead.…”

Section: Os Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Camflow: Managed Data-Sharing for Cloud Services

Pasquier

Singh

Eyers

et al. 2017

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Abstract-A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government, consisting of different departments, provides services to its citizens through a common platform. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-toend, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' data flow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency and offers system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the identification of policy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware.

show abstract

Section: Definition 3 a Label Change Noted Amentioning

confidence: 99%

Section: Os Evaluationmentioning

confidence: 99%

Camflow: Managed Data-Sharing for Cloud Services

Pasquier

Singh

Eyers

et al. 2017

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

“…A newly created entity inherits the security context of its parent. Though other implementations [16], [22] allow more flexibility, they modify system call semantics, and therefore require applications to be rewritten [10]. Creation of an entity represents a flow of information between the parent and the child entity.…”

Section: Privileges and Entity Creationmentioning

confidence: 99%

“…Enforcing IFC in a database, for example, would require a specific database implementation, such as IFDB [27], where IFC would be enforced at a finer granularity than at the kernelobject level. Different levels of IFC enforcement can be made to interact gracefully, as in [22] or through means described in §IV-C. As IFC mechanisms are made to interoperate, an API should be provided for (internal) IFA to complement systemwide audit data. Similarly, the metadata collected will vary, according to the IFC enforcement mechanism(s), the applications involved, and higher-level provenance requirements [25].…”

Section: Ifa Compared With Provenance Logsmentioning

confidence: 99%

Information Flow Audit for PaaS Clouds

Pasquier

Singh

Bacon

et al. 2016

2016 IEEE International Conference on Cloud Engineering (IC2E)

View full text Add to dashboard Cite

With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.

show abstract

“…Consider the situation presented here: left to right in the example, we see that the taint from the file is propagated to cp and then to the copy and wc, and eventually to /dev/stdout. The focus of this article is on three IFC systems developed for the generic Linux kernel: KBlare [4], Laminar [11,9], and the Android Linux kernel: Weir [8].…”

Section: Introductionmentioning

confidence: 99%

Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

Georget

Jaume

Piolle

et al. 2017

Software Engineering and Formal Methods

View full text Add to dashboard Cite

Abstract. Information flow control can be used at the Operating System level to enforce restrictions on the diffusion of security-sensitive data. In Linux, information flow trackers are often implemented as Linux Security Modules. They can fail to monitor some indirect flows when flows occur concurrently and affect the same containers of information. Furthermore, they are not able to monitor the flows due to file mappings in memory and shared memory between processes. We first present two attacks to evade state-of-the-art LSM-based trackers. We then describe an approach, formally proved with Coq [12] to perform information flow tracking able to cope with concurrency and in-memory flows. We demonstrate its implementability and usefulness in Rfblare, a race conditionfree version of the flow tracking done by KBlare [4].

show abstract

Practical Fine-Grained Information Flow Control Using Laminar

Cited by 12 publications

References 58 publications

Camflow: Managed Data-Sharing for Cloud Services

Camflow: Managed Data-Sharing for Cloud Services

Information Flow Audit for PaaS Clouds

Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

Contact Info

Product

Resources

About