| dc.contributor.author | Krohn, Maxwell | |
| dc.contributor.author | Tromer, Eran | |
| dc.date.accessioned | 2010-10-01T17:29:12Z | |
| dc.date.available | 2010-10-01T17:29:12Z | |
| dc.date.issued | 2009-08 | |
| dc.date.submitted | 2009-05 | |
| dc.identifier.isbn | 978-0-7695-3633-0 | |
| dc.identifier.issn | 1081-6011 | |
| dc.identifier.other | INSPEC Accession Number: 10827639 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/58828 | |
| dc.description.abstract | The Flume system is an implementation of decentralized information flow control (DIFC) at the operating system level. Prior work has shown Flume can be implemented as a practical extension to the Linux operating system, allowing real Web applications to achieve useful security guarantees. However, the question remains if the Flume system is actually secure. This paper compares Flume with other recent DIFC systems like Asbestos, arguing that the latter is inherently susceptible to certain wide-bandwidth covert channels, and proving their absence in Flume by means of a noninterference proof in the communicating sequential processes formalism. | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) (CyberTrust/DARPA grant CNS-0430425) | en_US |
| dc.description.sponsorship | Nokia Corporation | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) Graduate Student Fellowship | en_US |
| dc.description.sponsorship | Carnegie Mellon University. CyLab (grant DAAD19-02-1-0389) | en_US |
| dc.description.sponsorship | United States. Army Research Office | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) (CyberTrust grant CNS-0808907) | en_US |
| dc.description.sponsorship | United States. Air Force Research Laboratory (grant FA8750-08-1-0088) | en_US |
| dc.language.iso | en_US | |
| dc.publisher | Institute of Electrical and Electronics Engineers | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1109/SP.2009.23 | en_US |
| dc.rights | Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. | en_US |
| dc.source | IEEE | en_US |
| dc.subject | noninterference | en_US |
| dc.subject | covert channels | en_US |
| dc.subject | Information flow control | en_US |
| dc.subject | Communicating Sequential Processes | en_US |
| dc.title | Noninterference for a practical DIFC-based operating system | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Krohn, M., and E. Tromer. “Noninterference for a Practical DIFC-Based Operating System.” Security and Privacy, 2009 30th IEEE Symposium on. 2009. 61-76. © 2009Institute of Electrical and Electronics Engineers. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
| dc.contributor.approver | Tromer, Eran | |
| dc.contributor.mitauthor | Tromer, Eran | |
| dc.relation.journal | 2009 30th IEEE Symposium on Security and Privacy | en_US |
| dc.eprint.version | Final published version | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
| eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
| dspace.orderedauthors | Krohn, Maxwell; Tromer, Eran | en |
| mit.license | PUBLISHER_POLICY | en_US |
| mit.metadata.status | Complete | |
