Toward Secure Services from Untrusted Developers
Author(s)
Brodsky, Micah Z. (Micah Zev); Efstathopoulos, Petros; Kaashoek, Frans; Kohler, Eddie; Krohn, Maxwell; Mazieres, David; Morris, Robert; VanDeBogart, Steve; Yip, Alexander; ...
Download: MIT-CSAIL-TR-2007-041.pdf (232.4Kb)
Other Contributors
Parallel and Distributed Operating Systems
Advisor
Frans Kaashoek
Abstract
We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control.
Date issued
2007-08-06
Other identifiers
MIT-CSAIL-TR-2007-041
Series/Report no.
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
Keywords
decentralized information flow control, operating systems, security, web services, untrusted code, debugging, persistent storage