Article

RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Authors:

Neil Vachharajani,

Matthew J. Bridges,

Jonathan Chang,

Guilherme Ottoni,

Jason A. Blome,

George A. Reis,

Manish Vachharajani,

David I. AugustAuthors Info & Claims

MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture

Pages 243 - 254

https://doi.org/10.1109/MICRO.2004.31

Published: 04 December 2004 Publication History

Abstract

Even as modern computing systems allow the manipulation and distribution of massive amounts of information, users of these systems are unable to manage the confidentiality of their data in a practical fashion. Conventional access control security mechanisms cannot prevent the illegitimate use of privileged data once access is granted. For example, information provided by a user during an online purchase may be covertly delivered to malicious third parties by an untrustworthy web browser. Existing information-flow security mechanisms do provide this assurance, but only for programmer-specified policies enforced during program development as a static analysis on special-purpose type-safe languages. Not only are these techniques not applicable to many commonly used programs, but they leave the user with no defense against malicious programmers or altered binaries. In this paper, we propose RIFLE, a runtime information-flow security system designed from the user's perspective. By addressing information-flow security using architectural support, RIFLE gives users a practical way to enforce their own information-flow security policy on all programs. We prove that, contrary to statements in the literature, run-time systems like RIFLE are no less secure than existing language-based techniques. Using a model of the architectural framework and a binary translator, we demonstrate RIFLE's correctness and illustrate that the performance cost is reasonable.

References

[1]

{1} A. Aho, R. Sethi, and J. Ullman. Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading, MA, 1986.

Digital Library

[2]

{2} W. A. Arbaugh, D. J. Farber, and J. M. Smith. A secure and reliable bootstrap architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, page 65. IEEE Computer Society, 1997.

Digital Library

[3]

{3} W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith. Automated recovery in a secure bootstrap process. In Symposium on Network ands Distributed System Security (SNDSS), pages 155- 167, 1998.

[4]

{4} G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 executables. In Proceedings of the 13th International Conference on Compiler Construction, pages 5-23, 2004.

[5]

{5} B.-C. Cheng and W.W. Hwu. Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 57-69, 2000.

Digital Library

[6]

{6} G. Z. Chrysos and J. S. Emer. Memory dependence prediction using store sets. In Proceedings of the 25th annual international symposium on Computer architecture, pages 142-153. IEEE Computer Society, 1998.

Digital Library

[7]

{7} D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, 1976.

Digital Library

[8]

{8} D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504- 513, 1977.

Digital Library

[9]

{9} J. S. Fenton. Information Protection Systems. PhD thesis, University of Cambridge, Cambridge, England, 1973.

[10]

{10} S. N. Foley. A taxonomy for information flow policies and models. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pages 98-108, 1991.

[11]

{11} R. Ghiya, D. Lavery, and D. Sehr. On the importance of points-to analysis and other memory disambiguation methods for C programs. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, pages 47-58. ACM Press, 2001.

Digital Library

[12]

{12} N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In ACM, editor, Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 365-377, New York, NY, USA, 1998. ACM Press.

Digital Library

[13]

{13} Intel Corporation. Web site: http://www.intel.com/technology/security/downloads/ LT_Arch_Overview.pdf, February 2004.

[14]

{14} B. W. Lampson. Protection. In Proceedings of the 5th Princeton Symposium on Information Sciences and Systems, 1971.

[15]

{15} B. W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613-615, 1973.

Digital Library

[16]

{16} W. Landi. Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4):323-337, 1992.

Digital Library

[17]

{17} Lavasoft. Web site: http://www.lavasoftusa.com, January 2004.

[18]

{18} D. Lie, C. A. Thekkath, and M. Horowitz. Implementing an untrusted operating system on trusted hardware. In Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 178-192. ACM Press, 2003.

Digital Library

[19]

{19} D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Architectural Support for Programming Languages and Operating Systems, pages 168-177, 2000.

Digital Library

[20]

{20} Microsoft Corporation. Web site: http://msdn.microsoft.com/security/productinfo/ngscb, January 2004.

[21]

{21} A. C. Myers. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pages 228-241, 1999.

Digital Library

[22]

{22} A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proceedings of the sixteenth ACM symposium on Operating systems principles, pages 129-142. ACM Press, 1997.

Digital Library

[23]

{23} A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.

Digital Library

[24]

{24} G. C. Necula. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Langauges, pages 106- 119, Paris, Jan. 1997.

Digital Library

[25]

{25} A. Podgurski and L. A. Clarke. A formal model of program dependences and its implications for software testing, debugging, and maintenance. IEEE Transactions on Software Engineering, 16(9):965-979, 1990.

Digital Library

[26]

{26} G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467-1471, 1994.

Digital Library

[27]

{27} H. J. Saal and I. Gat. A hardware architecture for controlling information flow. In Proceedings of the 5th annual symposium on Computer architecture, pages 73-77. ACM Press, 1978.

Digital Library

[28]

{28} A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.

Digital Library

[29]

{29} G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th annual international conference on Supercomputing, pages 160-171. ACM Press, 2003.

Digital Library

[30]

{30} Trusted Computing Platform Alliance. Web site: http://www.trustedcomputing.org/, February 2004.

[31]

{31} S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 179-193. IEEE Computer Society, 2004.

[32]

{32} M. Vachharajani, N. Vachharajani, D. A. Penry, J. A. Blome, and D. I. August. Microarchitectural exploration with Liberty. In Proceedings of the 35th International Symposium on Microarchitecture (MICRO), pages 271-282, November 2002.

Digital Library

[33]

{33} R. P. Wilson and M. S. Lam. Effective context-sensitive pointer analysis for C programs. In Proceedings of the ACM SIGPLAN '95 Conference on Programming Language Design and Implementation , pages 1-12, June 1995.

Digital Library

[34]

{34} E. Witchel, J. Cates, and K. Asanovic. Mondrian memory protection. In Architectural Support for Programming Languages and Operating Systems, Oct 2002.

Digital Library

[35]

{35} J. C. Wray. An analysis of covert timing channels. In Proceedings of the 2004 IEEE Symposium on Security and Privacy. IEEE Computer Society, 1991.

Cited By

Brant CShrestha PMixon-Baca BChen KVarlioglu SElsayed NJin YCrandall JOliveira D(2021)Challenges and Opportunities for Practical and Effective Dynamic Information Flow TrackingACM Computing Surveys10.1145/348379055:1(1-33)Online publication date: 23-Nov-2021
https://dl.acm.org/doi/10.1145/3483790
Li BMa RWang XWang XHe J(2020)DepTaintProceedings of the 2020 4th International Conference on Management Engineering, Software Engineering and Service Sciences10.1145/3380625.3380642(34-41)Online publication date: 17-Jan-2020
https://dl.acm.org/doi/10.1145/3380625.3380642
Runge TSchaefer IKnüppel ACleophas LKourie DWatson B(2019)Tool Support for Confidentiality-by-ConstructionACM SIGAda Ada Letters10.1145/3375408.337541338:2(64-68)Online publication date: 6-Dec-2019
https://dl.acm.org/doi/10.1145/3375408.3375413
Show More Cited By

RIFLE: An Architectural Framework for User-Centric Information-Flow Security
1. Security and privacy
  1. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

A posteriori compliance control
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with ...
PoCo: A Language for Specifying Obligation-Based Policy Compositions
ICSCA '20: Proceedings of the 2020 9th International Conference on Software and Computer Applications

Existing security-policy-specification languages allow users to specify obligations, but challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing ...
Conflicts in Policy-Based Distributed Systems Management

Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture

December 2004

345 pages

ISBN:0769521266

Sponsors

SIGMICRO: ACM Special Interest Group on Microarchitectural Research and Processing

Publisher

IEEE Computer Society

United States

Publication History

Published: 04 December 2004

Check for updates

Qualifiers

Article

Conference

MICRO37

Sponsor:

SIGMICRO

MICRO37: The 37th Annual International Symposium on Microarchitecture

December 4 - 8, 2004

Oregon, Portland

Acceptance Rates

MICRO 37 Paper Acceptance Rate 29 of 158 submissions, 18%;

Overall Acceptance Rate 484 of 2,242 submissions, 22%

Upcoming Conference

MICRO '24

Sponsor:
sigmicro

57th Annual IEEE/ACM International Symposium on Microarchitecture

November 2 - 6, 2024

Austin , TX , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

114
Total Citations
View Citations
870
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Brant CShrestha PMixon-Baca BChen KVarlioglu SElsayed NJin YCrandall JOliveira D(2021)Challenges and Opportunities for Practical and Effective Dynamic Information Flow TrackingACM Computing Surveys10.1145/348379055:1(1-33)Online publication date: 23-Nov-2021
https://dl.acm.org/doi/10.1145/3483790
Li BMa RWang XWang XHe J(2020)DepTaintProceedings of the 2020 4th International Conference on Management Engineering, Software Engineering and Service Sciences10.1145/3380625.3380642(34-41)Online publication date: 17-Jan-2020
https://dl.acm.org/doi/10.1145/3380625.3380642
Runge TSchaefer IKnüppel ACleophas LKourie DWatson B(2019)Tool Support for Confidentiality-by-ConstructionACM SIGAda Ada Letters10.1145/3375408.337541338:2(64-68)Online publication date: 6-Dec-2019
https://dl.acm.org/doi/10.1145/3375408.3375413
Townley DKhasawneh KPonomarev DAbu-Ghazaleh NYu L(2019)LATCHProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358327(969-982)Online publication date: 12-Oct-2019
https://dl.acm.org/doi/10.1145/3352460.3358327
Fu XCai HDumas MPfahl DApel SRusso A(2019)A dynamic taint analyzer for distributed systemsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3341179(1115-1119)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3341179
Taram MVenkat ATullsen DBahar IHerlihy MWitchel ELebeck A(2019)Context-Sensitive FencingProceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3297858.3304060(395-410)Online publication date: 4-Apr-2019
https://dl.acm.org/doi/10.1145/3297858.3304060
Arefi MAlexander GCrandall J(2018)PIITrackerProceedings of the 11th European Workshop on Systems Security10.1145/3193111.3193114(1-6)Online publication date: 23-Apr-2018
https://dl.acm.org/doi/10.1145/3193111.3193114
Ardeshiricham AHu WMarxen JKastner R(2017)Register transfer level information flow tracking for provably secure hardware designProceedings of the Conference on Design, Automation & Test in Europe10.5555/3130379.3130775(1695-1700)Online publication date: 27-Mar-2017
https://dl.acm.org/doi/10.5555/3130379.3130775
Xiao GWang JLiu PMing JWu DBertino ESandhu RPretschner A(2016)Program-object Level Data Flow Analysis with Applications to Data Leakage and Contamination ForensicsProceedings of the Sixth ACM Conference on Data and Application Security and Privacy10.1145/2857705.2857747(277-284)Online publication date: 9-Mar-2016
https://dl.acm.org/doi/10.1145/2857705.2857747
Ming JWu DXiao GWang JLiu P(2015)TaintPipeProceedings of the 24th USENIX Conference on Security Symposium10.5555/2831143.2831148(65-80)Online publication date: 12-Aug-2015
https://dl.acm.org/doi/10.5555/2831143.2831148
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents