Information flow control for standard os abstractions

SOSP'07 - Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles

Volumn , Issue , 2007, Pages 321-334

  Krohn, Maxwell ^a   Yip, Alexander ^a   Brodsky, Micah ^a   Cliffer, Natan ^a   Kaashoek, M Frans ^a   Kohler, Eddie ^b   Morris, Robert ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

DIFC; Distributed information flow control; Endpoints; Reference monitor; System call interposition; Web services

Indexed keywords

DATA FLOW; DECENTRALIZED INFORMATION FLOW CONTROL; DESCRIPTORS; DISTRIBUTED INFORMATION; DISTRIBUTED INFORMATION FLOW CONTROL; INFORMATION FLOW CONTROL; MOIN-MOIN; OPERATING SYSTEMS; PRIVATE DATA; REFERENCE MONITORS; SAFE OPERATION; SECURITY CODES; SECURITY POLICY; SECURITY VIOLATIONS; SYSTEM CALLS; WEB APPLICATION;

ABSTRACTING; COMPUTER OPERATING SYSTEMS; FLOW CONTROL; INTRUSION DETECTION; NETWORK SECURITY; SECURITY SYSTEMS; WEB SERVICES; XML;

MONITORING;

EID: 57749192483     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (38)

1. D. E. Bell and L. L. Padula. Secure computer system: Unified exposition and multics interpretation. Technical Report MTR-2997, Rev. 1, MITRE Corp., Bedford, MA, March 1976.
2. K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, Rev. 1, MITRE Corp., Bedford, MA, 1976.
3. M. Brodsky et al. Toward secure services from untrusted developers. Technical Report TR-2007-041, MIT CSAIL, Aug. 2007.
4. S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing confidentiality and integrity in web applications. In Proc. 16th USENIX Security, Aug. 2007.
5. C. Cowan et al. StackGuard: Automatic detection and prevention of buffer-overflow attacks. In Proc. 11th USENIX Security, Aug. 2002.
6. D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, 1976.
7. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proc. 2002 OSDI, Dec. 2002.
8. P. Efstathopoulos et al. Labels and event processes in the Asbestos operating system. In Proc. 20th SOSP, October 2005.
9. FastCGI. Open Market. http://www.fastcgi.com.
10. T. Fraser. LOMAC: Low water-mark integrity protection for COTS environments. In Proc. 2000 IEEE Security and Privacy, May 2000.
11. T. Fraser, L. Badger, and M. Feldman. Hardening COTS software with generic software wrappers. In Proc. IEEE Security and Privacy, 1999.
12. T. Garfinkel, B. Pfaff, and M. Rosenblum. Ostia: A delegating architecture for secure system call interposition. In Proc. 2004 NDSS, February 2004.
13. J. Gelinas. Virtual private servers and security contexts, Jan. 2003. http://linux-vserver.org.
14. R. Goldberg. Architecture of virtual machines. In 1973 NCC AFIPS Conf. Proc., volume 42, pages 309-318, 1973.
15. B. Hicks, K. Ahmadizadeh, and P. McDaniel. Understanding practical application development in security-typed languages. In Proc. 22st ACSAC, December 2006.
16. M. B. Jones. Interposition agents: Transparently interposing user code at the system interface. In Proc. 14th SOSP, Dec. 1993.
17. P.-H. Kamp and R. N. M. Watson. Jails: Confining the omnipotent root. In Proc. 2nd SANE, May 2000.
18. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proc. 11th USENIX Security, Aug. 2002.
19. M. Krohn, E. Kohler, and M. F. Kaashoek. Events can make sense. In Proc. 2007 USENIX, June 2007.
20. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proc. 2001 USENIX, June 2001. FREENIX track.
21. M. D. McIlroy and J. A. Reeds. Multilevel security in the UNIX tradition. Software - Practice and Experience, 22(8):673-694, 1992.
22. MoinMoin. The MoinMoin Wiki Engine, Dec. 2006. http://moinmoin. wikiwikiweb.de/.
23. A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proc. 16th SOSP, Oct. 1997.
24. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Computer Systems, 9(4):410-442, October 2000.
25. National Vulnerability Database. CVE-2007-2637. http://nvd.nist.gov/nvd. cfm?cvename=CVE-2007-2637.
26. osvdb.org. Open Source Vulnerability Database. http://osvdb.org/searchdb. php?base=moinmoin.
27. N. Provos. Improving host security with system call policies. In Proc. 12th USENIX Security, Aug. 2003.
28. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proc. IEEE, 63(9):1278-1308, Sept. 1975.
29. M. Seaborn. Plash: tools for practical least privilege. http://plash.beasts.org.
30. S. Smalley, C. Vance, and W. Salamon. Implementing SELinux as a Linux security module, February 2006. http://www.nsa.gov/selinux/papers/module-abs. cfm.
31. N. Soffer. MoinBenchmarks. http://moinmoin.wikiwikiweb.de/MoinBenchmarks.
32. R. Ta-Min, L. Litty, and D. Lie. Splitting Interfaces: Making trust between applications and operating systems configurable. In Proc. 2006 OSDI, Nov. 2006.
33. VMware. VMware and the National Security Agency team to build advanced secure computer systems, Jan. 2001. http://www.vmware.com/pdf/TechTrendNotes. pdf.
34. R. Watson, W. Morrison, C. Vance, and B. Feldman. The TrustedBSD MAC framework: Extensible kernel access control for FreeBSD 5.0. In Proc. 2003 USENIX, June 2003.
35. A. Whitaker, M. Shaw, and S. D. Gribble. Scale and performance in the Denali isolation kernel. In Proc. 2002 OSDI, Dec. 2002.
36. C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security modules: General security support for the Linux kernel. In Proc. 11th USENIX Security, Aug. 2002.
37. A. R. Yumerefendi, B. Mickle, and L. P. Cox. TightLip: Keeping applications from spilling the beans. In Proc. 2007 NSDI, Apr. 2007.
38. N. B. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proc. 7th OSDI, Nov. 2006.