A Retrospective on the VAX VMM Security Kernel
IEEE Transactions on Software Engineering
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Capability-Based Computer Systems
Capability-Based Computer Systems
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
IBM Systems Journal
Proceedings of the 4th international symposium on Memory management
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
The DaCapo benchmarks: java benchmarking development and analysis
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
lmbench: portable tools for performance analysis
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
Design and implementation of transactional constructs for C/C++
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Enforcing authorization policies using transactional memory introspection
Proceedings of the 15th ACM conference on Computer and communications security
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Execution leases: a hardware-supported mechanism for enforcing strong non-interference
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
A permission system for secure AOP
Proceedings of the 9th International Conference on Aspect-Oriented Software Development
Opportunities for concurrent dynamic analysis with explicit inter-core communication
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Decentralized information flow control on a bare-metal JVM
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Airavat: security and privacy for MapReduce
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
DEFCON: high-performance event processing with information security
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
SafeWeb: a middleware for securing ruby-based web applications
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Abstractions for usable information flow control in Aeolus
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
User-aware privacy control via extended static-information-flow analysis
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
SafeWeb: a middleware for securing ruby-based web applications
Proceedings of the 12th International Middleware Conference
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
Position paper: Sapper -- a language for provable hardware policy enforcement
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Sapper: a language for hardware-level security policy enforcement
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.00 |
Decentralized information flow control (DIFC) is a promising model for writing programs with powerful, end-to-end security guarantees. Current DIFC systems that run on commodity hardware can be broadly categorized into two types: language-level and operating system-level DIFC. Language level solutions provide no guarantees against security violations on system resources, like files and sockets. Operating system solutions can mediate accesses to system resources, but are inefficient at monitoring the flow of information through fine-grained program data structures. This paper describes Laminar, the first system to implement decentralized information flow control using a single set of abstractions for OS resources and heap-allocated objects. Programmers express security policies by labeling data with secrecy and integrity labels, and then access the labeled data in lexically scoped security regions. Laminar enforces the security policies specified by the labels at runtime. Laminar is implemented using a modified Java virtual machine and a new Linux security module. This paper shows that security regions ease incremental deployment and limit dynamic security checks, allowing us to retrofit DIFC policies on four application case studies. Replacing the applications' ad-hoc security policies changes less than 10% of the code, and incurs performance overheads from 1% to 56%. Whereas prior DIFC systems only support limited types of multithreaded programs, Laminar supports a more general class of multithreaded DIFC programs that can access heterogeneously labeled data.