Noninterference for a practical DIFC-based operating system

Krohn, Maxwell; Tromer, Eran

Author(s)

Krohn, Maxwell; Tromer, Eran

DownloadTromer-2009-Noninterference for a practical DIFC-based operating system.pdf (389.4Kb)

PUBLISHER_POLICY

Terms of use

Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use.

Metadata

Show full item record

Abstract

The Flume system is an implementation of decentralized information flow control (DIFC) at the operating system level. Prior work has shown Flume can be implemented as a practical extension to the Linux operating system, allowing real Web applications to achieve useful security guarantees. However, the question remains if the Flume system is actually secure. This paper compares Flume with other recent DIFC systems like Asbestos, arguing that the latter is inherently susceptible to certain wide-bandwidth covert channels, and proving their absence in Flume by means of a noninterference proof in the communicating sequential processes formalism.

Date issued

2009-08

URI

http://hdl.handle.net/1721.1/58828

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory

Journal

2009 30th IEEE Symposium on Security and Privacy

Publisher

Institute of Electrical and Electronics Engineers

Citation

Krohn, M., and E. Tromer. “Noninterference for a Practical DIFC-Based Operating System.” Security and Privacy, 2009 30th IEEE Symposium on. 2009. 61-76. © 2009Institute of Electrical and Electronics Engineers.

Version: Final published version

Other identifiers

INSPEC Accession Number: 10827639

ISBN

978-0-7695-3633-0

ISSN

1081-6011

Keywords

noninterference, covert channels, Information flow control, Communicating Sequential Processes

Collections

MIT Open Access Articles

DSpace@MIT