Abstractions for usable information flow control in Aeolus

Authors: Dan R. K. Ports, Liuba Shrira, David Schultz, Aaron Blankstein, Barbara Liskov

Abstract: Despite the increasing importance of protecting confidential data, building secure software remains as challenging as ever. This paper describes Aeolus, a new platform for distributed applications. Aeolus uses information flow control to provide confidentiality and data integrity. It differs from previous systems in a way that we believe makes it easier to understand and use. Aeolus uses a new, simpler security model, the first to combine a standard principal-based scheme for authority management with thread-granularity tracking. The principal hierarchy matches the way developers already reason about access control, and the coarse-grained tracking eases the task of defining a program's restrictions. In addition, Aeolus provides a number of mechanisms (authority closures, compound tags, boxes, and shared volatile state) that support common design patterns in application design.
