Noninterference for a practical DIFC-based operating system

Eran Tromer, Maxwell Krohn*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Flume system is an implementation of decentralized information flow control (DIFC) at the operating system level. Prior work has shown that Flume can be implemented as a practical extension to the Linux operating system, allowing real Web applications to achieve useful security guarantees. However, the question remains whether the Flume system is actually secure. This paper compares Flume with other recent DIFC systems such as Asbestos, arguing that the latter is inherently susceptible to certain wide-bandwidth covert channels, and proving their absence in Flume by means of a noninterference proof in the Communicating Sequential Processes (CSP) formalism.

Original language: English
Title of host publication: 2009 30th IEEE Symposium on Security and Privacy
Pages: 61-76
Number of pages: 16
DOIs
State: Published - 2009
Externally published: Yes
Event: 2009 30th IEEE Symposium on Security and Privacy - Oakland, CA, United States
Duration: 17 May 2009 to 20 May 2009

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print): 1081-6011

Conference

Conference: 2009 30th IEEE Symposium on Security and Privacy
Country/Territory: United States
City: Oakland, CA
Period: 17/05/09 to 20/05/09
