A Theory of Communicating Sequential Processes
Journal of the ACM (JACM)
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
Manageable fine-grained information flow
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Civitas: Toward a Secure Voting System
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Noninterference for a Practical DIFC-Based Operating System
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Poster: towards formal verification of DIFC policies
Proceedings of the 18th ACM conference on Computer and communications security
Secure programming via visibly pushdown safety games
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Hi-index | 0.00 |
Decentralized information flow control (DIFC) operating systems provide applications with mechanisms for enforcing information flow policies for their data. However, significant obstacles keep such operating systems from achieving widespread adoption. One key obstacle is that DIFC operating systems provide only low-level mechanisms for allowing application programmers to enforce their desired policies. It can be difficult for the programmer to ensure that their use of these mechanisms enforces their high-level policies, while at the same time not breaking the underlying functionality of their application. These are issues both for programmers who would develop new applications for a DIFC operating system and for programmers who would port existing applications to a DIFC operating system. Our work significantly eases these tasks. We present as automatic technique that takes as input a program with no DIFC code, and two policies: one that specifies prohibited information flows and one that specifies flows that must be allowed. Our technique then produces a new version of the input program that satisfies the two policies. To evaluate out technique, we implemented it in an automatic tool, called Swim (for Secure What I Mean), and applied it to a set of real-world programs and policies. The results of our evaluation demonstrate that the technique is sufficiently expressive to produce programs for real-world policies, and that it can produce such programs efficiently. It thus represents a significant contribution towards developing systems with strong end-to-end information flow guarantees.