
Making information flow explicit in HiStar

Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
2011 Communications of the ACM  
HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications.  ...  HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library.  ...  HiStar was in part inspired by some of the input Cliff Frey had to the Asbestos project. This work was funded by joint DARPA/NSF Cybertrust grant CNS-0430425.  ... 
doi:10.1145/2018396.2018419 fatcat:cfyia3pesnesthcyxvgvigtiwq

Poster

Zhi Yang, Lihua Yin, Miyi Duan, Shuyuan Jin
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
Decentralized information flow control (DIFC) is a recent important innovation with flexible mechanisms to improve the availability of traditional information flow models.  ...  However, the flexibility of DIFC models also makes specifying and managing DIFC policies a challenging problem.  ...  HiStar tracks and enforces information flow using Asbestos labels, while it uses the explicit label adjustment to replace the implicit label adjustment used in Asbestos.  ... 
doi:10.1145/2046707.2093515 fatcat:x66nwtduuzgclb6ubs6repgpaq

The Confinement Problem: 40 Years Later

Alex Crowell, Beng Heng Ng, Earlence Fernandes, Atul Prakash
2013 Journal of Information Processing Systems  
We discuss the foundational principles from classical works, as well as the efforts towards solving the confinement problem in three domains: operating systems, mobile computing, and cloud computing.  ...  In HiStar, information flow is built into the operating system primitives, with a labeling system that defines how information is allowed to flow between files, threads, and other system entities.  ...  It is important to note, however, that this approach does not make covert channels explicit, and so they are not addressed at all.  ... 
doi:10.3745/jips.2013.9.2.189 fatcat:4zcwhg5divefrn56wjfgjg7ake

Apprehending joule thieves with cinder

Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, Nickolai Zeldovich
2010 Computer communication review  
The emergence of third-party application stores and marketplaces makes this concern even more pressing.  ...  We introduce and explore these abstractions, paying particular attention to the ways in which policies could be generated and enforced in a dynamic system.  ...  The system allows applications to express data security policies in terms of information flow, which the kernel enforces.  ... 
doi:10.1145/1672308.1672327 fatcat:d3pd7d5wobhpde7zpfbulj7an4

Apprehending joule thieves with cinder

Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, Nickolai Zeldovich
2009 Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds - MobiHeld '09  
The emergence of third-party application stores and marketplaces makes this concern even more pressing.  ...  We introduce and explore these abstractions, paying particular attention to the ways in which policies could be generated and enforced in a dynamic system.  ...  All opinions expressed in this paper are the author's and do not necessarily reflect the policies and views of DHS, DOE, or ORAU/ORISE.  ... 
doi:10.1145/1592606.1592618 dblp:conf/sigcomm/RumbleSLMZ09 fatcat:hf27rgg2abcrdlx72tamcvb3wq

Program synthesis for interactive-security systems

William R. Harris, Somesh Jha, Thomas W. Reps, Sanjit A. Seshia
2017 Formal methods in system design  
For two interactive security systems, namely the Capsicum capability system and the HiStar information-flow system, we developed languages of policies that a programmer can use to directly express security  ...  and functionality requirements, along with synthesizers that take a program and policy in the language and generate a program that correctly uses system primitives to satisfy the policy.  ...  The work described in this paper was supported, in part, by a gift from Rajiv and Ritu Batra; by DARPA under Cooperative Agreement HR0011-12-  ... 
doi:10.1007/s10703-017-0296-5 fatcat:pedio4yulnghpjrokptclqqjx4

Manageable fine-grained information flow

Petros Efstathopoulos, Eddie Kohler
2008 ACM SIGOPS Operating Systems Review  
In this paper we propose subsystems that make decentralized information flow more manageable.  ...  Second, information flow-safe debugging mechanisms let developers debug DIFC applications without violating security policies.  ...  Information flow naturally generalizes communication constraints to any flow of information, not just IPC.  ... 
doi:10.1145/1357010.1352624 fatcat:lzwkcacyjnej3hg3ubshvlzewa

Manageable fine-grained information flow

Petros Efstathopoulos, Eddie Kohler
2008 Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008 - Eurosys '08  
In this paper we propose subsystems that make decentralized information flow more manageable.  ...  Second, information flow-safe debugging mechanisms let developers debug DIFC applications without violating security policies.  ...  Information flow naturally generalizes communication constraints to any flow of information, not just IPC.  ... 
doi:10.1145/1352592.1352624 dblp:conf/eurosys/EfstathopoulosK08 fatcat:x7ljaqml7nbfrnelaqtu2bpqxi

Data Tethers: Preventing information leakage by enforcing environmental data access policies

Charles Fleming, Peter Peterson, Erik Kline, Peter Reiher
2012 IEEE International Conference on Communications (ICC)  
Protecting data from accidental loss or theft is crucial in today's world of mobile computing.  ...  Data Tethers uses fine-grain data flow tracking to maintain these policies on derivative data.  ...  flow tracking only, DT tracking both implicit and explicit flows.  ... 
doi:10.1109/icc.2012.6364368 dblp:conf/icc/FlemingPKR12 fatcat:wshikw7teng47gqfqbpjp5nggi

Information flow control for standard OS abstractions

Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Morris
2007 Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles - SOSP '07  
Decentralized Information Flow Control (DIFC) [24] is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world.  ...  In either case, only bugs in the trusted code, which tends to be small and isolated, can lead to security violations.  ...  We thank Mark Seaborn for his work on Plash, which served as a template for making glibc system call interposition work on Linux.  ... 
doi:10.1145/1294261.1294293 dblp:conf/sosp/KrohnYBCKKM07 fatcat:hcmzydtmhfbhzil4vk2pdmb3ie

Information flow control for standard OS abstractions

Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Morris
2007 ACM SIGOPS Operating Systems Review  
Decentralized Information Flow Control (DIFC) [24] is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world.  ...  In either case, only bugs in the trusted code, which tends to be small and isolated, can lead to security violations.  ...  We thank Mark Seaborn for his work on Plash, which served as a template for making glibc system call interposition work on Linux.  ... 
doi:10.1145/1323293.1294293 fatcat:2qzs5zii7fff7hu3yholv66toy

Energy management in mobile devices with the cinder operating system

Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, Nickolai Zeldovich
2011 Proceedings of the sixth conference on Computer systems - EuroSys '11  
We explore these abstractions, demonstrating their usefulness in a variety of applications running on the HTC Dream (a.k.a. Google G1).  ...  Unlike prior approaches, Cinder accurately tracks principals responsible for resource consumption even across interprocess communication, and allows applications to delegate their resources either in terms  ...  Securing them is a matter of making information flow explicit in the resource graph formed by the reserves and taps, which requires ensuring the new kernel object types are protected by appropriate security  ... 
doi:10.1145/1966445.1966459 dblp:conf/eurosys/RoyRSLMZ11 fatcat:wemhmxtbzbahde3x4yrlrza7fe

Clean-Slate Development of Certified OS Kernels

Zhong Shao
2015 Proceedings of the 2015 Conference on Certified Programs and Proofs - CPP '15  
We will also show how to provide built-in accountability and recovery mechanisms from the very beginning and how to combine them with information flow control to enforce the integrity of security labels  ...  Our certified kernel will offer safe and application-specific extensibility [8], provable security properties with information flow control, and accountability and recovery from hardware or application  ...  Information Flow Control and IPC (BT3,OT1-2) Information flow control is a new kernel mechanism, first introduced in HiStar [100], to implement protection in traditional kernels and to enforce application-level  ... 
doi:10.1145/2676724.2693180 dblp:conf/cpp/Shao15 fatcat:ffiwrhqsdnbcflselj27eevbre

Cross-application data provenance and policy enforcement

Brian Demsky
2011 ACM Transactions on Privacy and Security  
Implicit Flows Garm only traces explicit flows of information. Information about the contents of data can also leak through implicit channels including control flow or timing channels.  ...  Information Flow-Based Security The HiStar operating system uses information flow to minimize the amount of code that must be trusted [Zeldovich et al. 2006 ].  ... 
doi:10.1145/1952982.1952988 fatcat:gsvmm5oejjfrrpkoazrovxjufm

Secure information flow analysis for hardware design

Xun Li, Mohit Tiwari, Ben Hardekopf, Timothy Sherwood, Frederic T. Chong
2010 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10  
Hardware designers need to precisely analyze high-level descriptions for illegal information flows.  ...  Language-based information flow analyses can be applied to hardware description languages, but a straightforward application either conservatively rules out many secure hardware designs, or constrains  ...  Projects such as LoStar [30], HiStar [29] and Flume [13] apply distributed information flow control (DIFC) [28] through general purpose operating systems abstractions.  ... 
doi:10.1145/1814217.1814225 dblp:conf/pldi/0001THSC10 fatcat:xmafkdzyz5erbppl5v7cbojita