Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Mostly-Static Decentralized Information Flow Control
Mostly-Static Decentralized Information Flow Control
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A unifying approach to the security of distributed and multi-threaded programs
Journal of Computer Security - Special issue on CSFW14
Practical Information-flow Control in Web-Based Information Systems
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Linux Journal
Trusted declassification:: high-level policy for a security-typed language
Proceedings of the 2006 workshop on Programming languages and analysis for security
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
A General Dynamic Information Flow Tracking Framework for Security Applications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A logical specification and analysis for SELinux MLS policy
Proceedings of the 12th ACM symposium on Access control models and technologies
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Jifclipse: development tools for security-typed languages
Proceedings of the 2007 workshop on Programming languages and analysis for security
A logical specification and analysis for SELinux MLS policy
Proceedings of the 12th ACM symposium on Access control models and technologies
Non-volatile memory and disks:: avenues for policy architectures
Proceedings of the 2007 ACM workshop on Computer security architecture
Remote attestation on program execution
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Flexible security configuration for virtual machines
Proceedings of the 2nd ACM workshop on Computer security architectures
Verifying compliance of trusted programs
SS'08 Proceedings of the 17th conference on Security symposium
Trojan horse resistant discretionary access control
Proceedings of the 14th ACM symposium on Access control models and technologies
A logical specification and analysis for SELinux MLS policy
ACM Transactions on Information and System Security (TISSEC)
An architecture for enforcing end-to-end access control over web applications
Proceedings of the 15th ACM symposium on Access control models and technologies
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
Automating security mediation placement
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Commercial operating systems have recently introduced mandatory access controls (MAC) that can be used to ensure system-wide data confidentiality and integrity. These protections rely on restricting the flow of information between processes based on security levels. The problem is, there are many applications that defy simple classification by security level, some of them essential for system operation. Surprisingly, the common practice among these operating systems is simply to mark these applications as "trusted", and thus allow them to bypass label protections. This compromise is not a limitation of MAC or the operating system services that enforce it, but simply a fundamental inability of any operating system to reason about how applications treat sensitive data internally--and thus the OS must either restrict the data that they receive or trust them to handle it correctly. These practices were developed prior to the advent security-typed languages. These languages provide a means of reasoning about how the OS's sensitive data is handled within applications. Thus, applications can be shown to enforce system security by guaranteeing, in advance of execution, that they will adhere to the OS's MAC policy. In this paper, we provide an architecture for an operating system service, that integrate security-typed language with operating system MAC services. We have built an implementation of this service, called SIESTA, which handles applications developed in the security-typed language, Jif, running on the SELinux operating system. We also provide some sample applications to demonstrate the security, flexibility and efficiency of our approach.