Efficient user-space information flow control

ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Volumn , Issue , 2013, Pages 131-141

  Niu, Ben ^a   Tan, Gang ^a  

^a Lehigh University   (United States)

Author keywords

checkpointing; secure information flow; software based fault isolation

Indexed keywords

CHECK POINTING; CONTROL OVER INFORMATION FLOWS; DECENTRALIZED INFORMATION FLOW CONTROL; DESIGN AND IMPLEMENTATIONS; FAULT ISOLATION; INFORMATION FLOW CONTROL; INTERDOMAIN COMMUNICATION; SECURE INFORMATION FLOW;

FLOW CONTROL; PROCESS CONTROL;

SECURITY OF DATA;

EID: 84878003318     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2484313.2484328     Document Type: Conference Paper

References (27)

1. http://web.nvd.nist.gov/view/vuln/search. [Online; accessed on 21-October-2012].
2. http://httpd.apache.org/security/vulnerabilities-22.html. [Online; accessed on 22-October-2012].
3. AppArmor. http://wiki.apparmor.net.
4. SELinux. http://selinuxproject.org.
5. ABADI, M., BUDIU, M., ERLINGSSON, Ú., AND LIGATTI, J. Control-flow integrity. In 12th ACM Conference on Computer and Communications Security (CCS) (2005), pp. 340-353.
6. AKRITIDIS, P., CADAR, C., RAICIU, C., COSTA, M., AND CASTRO, M. Preventing memory error exploits with wit. In IEEE Symposium on Security and Privacy (S&P) (2008), pp. 263-277.
7. BELL, D., AND L A PADULA, L. Secure computer system: Unified exposition and multics interpretation. Tech. Rep. ESD-TR-75-306, MITRE Corp., Mar. 1976.
8. CASTRO, M., COSTA, M., MARTIN, J.-P., PEINADO, M., AKRITIDIS, P., DONNELLY, A., BARHAM, P., AND BLACK, R. Fast byte-granularity software fault isolation. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP) (2009), pp. 45-58.
9. DENNING, D. E. A lattice model of secure information flow. Communications of The ACM 19 (1976), 236-243.
10. EFSTATHOPOULOS, P., KROHN, M., VANDEBOGART, S., FREY, C., ZIEGLER, D., KOHLER, E., M AZIÈRES, D., KAASHOEK, M. F., AND MORRIS, R. Labels and event processes in the Asbestos operating system. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP) (2005), pp. 17-30.
11. ERLINGSSON, Ú., ABADI, M., VRABLE, M., BUDIU, M., AND NECULA, G. XFI: Software guards for system address spaces. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2006), pp. 75-88.
12. FORD, B., AND COX, R. Vx32: Lightweight user-level sandboxing on the x86. In USENIX Annual Technical Conference (2008), pp. 293-306.
13. FRASER, T. LOMAC: Low water-mark integrity protection for COTS environments. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (2000), pp. 230-245.
14. KROHN, M., YIP, A., BRODSKY, M., CLIFFER, N., KAASHOEK, M. F., KOHLER, E., AND MORRIS, R. Information flow control for standard OS abstractions. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP) (2007), pp. 321-334.
15. MCCAMANT, S., AND MORRISETT, G. Evaluating SFI for a CISC architecture. In 15th Usenix Security Symposium (2006).
16. MCILROY, M. D., AND REEDS, J. A. Multilevel security in the UNIX tradition. Software Practice and Experience 22 (1992), 673-694.
17. MYERS, A., AND LISKOV, B. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering Methodology 9 (Oct. 2000), 410-442.
18. NIU, B., AND TAN, G. Enforcing user-space privilege separation with declarative architectures. In Proceedings of the seventh ACM workshop on Scalable trusted computing (New York, NY, USA, 2012), STC '12, ACM, pp. 9-20.
19. PROVOS, N. Improving host security with system call policies. In 12th Usenix Security Symposium (2003), pp. 257-272.
20. SALTZER, J., AND SCHROEDER, M. The protection of information in computer systems. Proceedings of The IEEE 63, 9 (Sept. 1975), 1278-1308.
21. SMALL, C. A tool for constructing safe extensible C++ systems. In COOTS'97: Proceedings of the 3rd conference on USENIX Conference on Object-Oriented Technologies (COOTS) (1997), pp. 174-184.
22. WAHBE, R., LUCCO, S., ANDERSON, T., AND GRAHAM, S. Efficient software-based fault isolation. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP) (New York, 1993), ACM Press, pp. 203-216.
23. YEE, B., SEHR, D., DARDYK, G., CHEN, B., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N. Native client: A sandbox for portable, untrusted x86 native code. In IEEE Symposium on Security and Privacy (S&P) (May 2009).
24. YUMEREFENDI, A. R., MICKLE, B., AND COX, L. P. Tightlip: keeping applications from spilling the beans. In Proceedings of the 4th USENIX conference on Networked systems design & implementation (Berkeley, CA, USA, 2007), NSDI'07, USENIX Association, pp. 12-12.
25. ZDANCEWIC, S., ZHENG, L., NYSTROM, N., AND MYERS, A. Secure program partitioning. ACM Transactions on Compututer Systems (TOCS) 20, 3 (2002), 283-328.
26. ZELDOVICH, N., BOYD-WICKIZER, S., KOHLER, E., AND M AZIÈRES, D. Making information flow explicit in HiStar. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2006), pp. 263-278.
27. ZHENG, L., CHONG, S., MYERS, A., AND ZDANCEWIC, S. Using replication and partitioning to build secure distributed systems. In IEEE Symposium on Security and Privacy (S&P) (2003), pp. 236-250.