Internet Archive Scholar

Noninterference for a Practical DIFC-Based Operating System

Maxwell Krohn, Eran Tromer
2009 2009 30th IEEE Symposium on Security and Privacy  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (406.9 kB)
https://web.archive.org/web/20130929101020/http://tau.ac.il/~tromer/papers/flumecsp.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2013; you can also visit the original URL. The file type is application/pdf.

The Flume system is an implementation of decentralized information flow control (DIFC) at the operating system level. Prior work has shown Flume can be implemented as a practical extension to the Linux operating system, allowing real Web applications to achieve useful security guarantees. However, the question remains if the Flume system is actually secure. This paper compares Flume with other recent DIFC systems like Asbestos, arguing that the latter is inherently susceptible to certain
more » ... ndwidth covert channels, and proving their absence in Flume by means of a noninterference proof in the Communicating Sequential Processes formalism.
doi:10.1109/sp.2009.23 dblp:conf/sp/KrohnT09 fatcat:fzhg7p7hqjf7hifqh4xxz3fmsa
Citation

Maxwell Krohn, Eran Tromer. "Noninterference for a Practical DIFC-Based Operating System." 2009 30th IEEE Symposium on Security and Privacy (2009) 61-76