DIFC programs by automatic instrumentation

Publication type: Proceedings Article
Publication date: 2010-10-04
Abstract
Decentralized information flow control (DIFC) operating systems provide applications with mechanisms for enforcing information flow policies for their data. However, significant obstacles keep such operating systems from achieving widespread adoption. One key obstacle is that DIFC operating systems provide only low-level mechanisms for allowing application programmers to enforce their desired policies. It can be difficult for the programmer to ensure that their use of these mechanisms enforces their high-level policies, while at the same time not breaking the underlying functionality of their application. These are issues both for programmers who would develop new applications for a DIFC operating system and for programmers who would port existing applications to a DIFC operating system. Our work significantly eases these tasks. We present an automatic technique that takes as input a program with no DIFC code, and two policies: one that specifies prohibited information flows and one that specifies flows that must be allowed. Our technique then produces a new version of the input program that satisfies the two policies. To evaluate our technique, we implemented it in an automatic tool, called Swim (for Secure What I Mean), and applied it to a set of real-world programs and policies. The results of our evaluation demonstrate that the technique is sufficiently expressive to produce programs for real-world policies, and that it can produce such programs efficiently. It thus represents a significant contribution towards developing systems with strong end-to-end information flow guarantees.

Top-30

Journals

  • Proceedings of the ACM on Programming Languages: 1 publication, 8.33%
  • ACM Computing Surveys: 1 publication, 8.33%
  • Formal Methods in System Design: 1 publication, 8.33%
  • Lecture Notes in Computer Science: 1 publication, 8.33%
  • Security and Communication Networks: 1 publication, 8.33%

Publishers

  • Association for Computing Machinery (ACM): 2 publications, 16.67%
  • Springer Nature: 2 publications, 16.67%
  • Institute of Electrical and Electronics Engineers (IEEE): 2 publications, 16.67%
  • Hindawi Limited: 1 publication, 8.33%

  • We do not take into account publications without a DOI.
  • Statistics recalculated only for publications connected to researchers, organizations and labs registered on the platform.
  • Statistics recalculated weekly.
