Sciweavers

NSDI
2008

Securing Distributed Systems with Information Flow Control

13 years 6 months ago
Securing Distributed Systems with Information Flow Control
Recent operating systems [12, 21, 26] have shown that decentralized information flow control (DIFC) can secure applications built from mostly untrusted code. This paper extends DIFC to the network. We present DStar, a system that enforces the security requirements of mutually distrustful components through cryptography on the network and local OS protection mechanisms on each host. DStar does not require any fully-trusted processes or machines, and is carefully constructed to avoid covert channels inherent in its interface. We use DStar to build a three-tiered web server that mitigates the effects of untrustworthy applications and compromised machines.
Nickolai Zeldovich, Silas Boyd-Wickizer, David Maz
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where NSDI
Authors Nickolai Zeldovich, Silas Boyd-Wickizer, David Mazières
Comments (0)