Manageable fine-grained information flow

12 years 2 months ago
Manageable fine-grained information flow
The continuing frequency and seriousness of security incidents underlines the importance of application security. Decentralized information flow control (DIFC), a promising tool for improving application security, gives application developers fine-grained control over security policy and privilege management. DIFC developers can partition much application functionality into untrusted components bound by a kernel- or language-enforced security policy. Unless a (usually smaller and less exposed) trusted component is exploited, the effects of an application compromise are contained by the policy. Although system-based DIFC can simultaneously achieve high performance and effective isolation, it offers a challenging programming model. Fine-grained policy specifications are spread over several application pieces. Common programming errors may be indistinguishable from policy exploit attempts; the system cannot expose developers to information about these errors, complicating debugging. S...
Petros Efstathopoulos, Eddie Kohler
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2008
Authors Petros Efstathopoulos, Eddie Kohler
Comments (0)