The design and implementation of a log-structured file system
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Multilevel security in the UNIX tradition
Software—Practice & Experience
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
The KeyKOS Nanokernel Architecture
Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
A hardware architecture for implementing protection rings
SOSP '71 Proceedings of the third ACM symposium on Operating systems principles
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Scalability in the XFS file system
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
The spring nucleus: a microkernel for objects
Usenix-stc'93 Proceedings of the USENIX Summer 1993 Technical Conference on Summer technical conference - Volume 1
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Securing web applications with static and dynamic information flow tracking
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
A Virtual Machine Based Information Flow Control System for Policy Enforcement
Electronic Notes in Theoretical Computer Science (ENTCS)
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Kernel design for isolation and assurance of physical memory
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Effective and efficient compromise recovery for weakly consistent replication
Proceedings of the 4th ACM European conference on Computer systems
Privacy-preserving browser-side scripting with BFlow
Proceedings of the 4th ACM European conference on Computer systems
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Apprehending joule thieves with cinder
Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Apprehending joule thieves with cinder
ACM SIGCOMM Computer Communication Review
Decentralized information flow control on a bare-metal JVM
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
DBTaint: cross-application information flow tracking via databases
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Using hypervisors to secure commodity operating systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Intrusion recovery using selective re-execution
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Automating configuration troubleshooting with dynamic information flow analysis
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Energy management in mobile devices with the cinder operating system
Proceedings of the sixth conference on Computer systems
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Making information flow explicit in HiStar
Communications of the ACM
Distributed middleware enforcement of event flow security policy
Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware
Poster: towards formal verification of DIFC policies
Proceedings of the 18th ACM conference on Computer and communications security
Enhancing accountability of electronic health record usage via patient-centric monitoring
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Protecting health information on mobile devices
Proceedings of the second ACM conference on Data and Application Security and Privacy
libdft: practical dynamic data flow tracking for commodity systems
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
A model of information flow control to determine whether malfunctions cause the privacy invasion
Proceedings of the First Workshop on Measurement, Privacy, and Mobility
Decentralized delimited release
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Hails: protecting data privacy in untrusted web applications
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Efficient user-space information flow control
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Toward principled browser security
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Towards optimization-safe systems: analyzing the impact of undefined behavior
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
On quantitative dynamic data flow tracking
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.02 |
HiStar is a new operating system designed to minimize the amount of code that must be trusted. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including an entirely untrusted login process, separation of data between virtual private networks, and privacy-preserving, untrusted virus scanners.