Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

6

SP
2009
IEEE

favoriteEmaildiscussreport

101views Security Privacy» more SP 2009»

Noninterference for a Practical DIFC-Based Operating System

13 years 11 months ago

Noninterference for a Practical DIFC-Based Operating System

Download people.csail.mit.edu

The Flume system is an implementation of decentralized information ﬂow control (DIFC) at the operating system level. Prior work has shown Flume can be implemented as a practical extension to the Linux operating system, allowing real Web applications to achieve useful security guarantees. However, the question remains if the Flume system is actually secure. This paper compares Flume with other recent DIFC systems like Asbestos, arguing that the latter is inherently susceptible to certain wide-bandwidth covert channels, and proving their absence in Flume by means of a noninterference proof in the Communicating Sequential Processes formalism.

Maxwell N. Krohn, Eran Tromer

Real-time Traffic

Flume | Operating System | Paper Compares Flume | Security Privacy | SP 2009 |

claim paper

Related Content

» Lenient Array Operations for Practical Secure Information Flow

» Noninterference in the Presence of NonOpaque Pointers

» Noninterference through Secure Multiexecution

» Idle Port Scanning and Noninterference Analysis of Network Protocol Stacks Using Model Che...

» Avoiding timing channels in fixedpriority schedulers

» Verified Formal Security Models for Multiapplicative Smart Cards

Post Info
More Details (n/a)

Added	21 May 2010
Updated	21 May 2010
Type	Conference
Year	2009
Where	SP
Authors	Maxwell N. Krohn, Eran Tromer

Comments (0)