DOI: 10.5555/1298455.1298481
Article

Making information flow explicit in HiStar

Published: 06 November 2006

Abstract

HiStar is a new operating system designed to minimize the amount of code that must be trusted. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including an entirely untrusted login process, separation of data between virtual private networks, and privacy-preserving, untrusted virus scanners.

Published In
OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation
November 2006
407 pages
ISBN:1931971471

Publisher

USENIX Association

United States

Cited By

  • (2024) Practical Integrity Validation in the Smart Home with HomeEndorser. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 207-218. DOI: 10.1145/3643833.3656116. Online publication date: 27-May-2024
  • (2023) Tainted Secure Multi-Execution to Restrict Attacker Influence. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 1732-1745. DOI: 10.1145/3576915.3623110. Online publication date: 15-Nov-2023
  • (2021) AT-DIFC+: Toward Adaptive and Trust-Aware Decentralized Information Flow Control. ACM Transactions on Autonomous and Adaptive Systems 15:4, pp. 1-35. DOI: 10.1145/3487292. Online publication date: 20-Dec-2021
  • (2020) Privaros: A Framework for Privacy-Compliant Delivery Drones. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 181-194. DOI: 10.1145/3372297.3417858. Online publication date: 30-Oct-2020
  • (2019) Composing Abstractions using the null-Kernel. Proceedings of the Workshop on Hot Topics in Operating Systems, pp. 1-6. DOI: 10.1145/3317550.3321450. Online publication date: 13-May-2019
  • (2019) System-Level Non-interference of Constant-Time Cryptography. Part I. Journal of Automated Reasoning 63:1, pp. 1-51. DOI: 10.1007/s10817-017-9441-5. Online publication date: 1-Jun-2019
  • (2018) Nickel. Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation, pp. 287-305. DOI: 10.5555/3291168.3291190. Online publication date: 8-Oct-2018
  • (2018) The full path to full-path indexing. Proceedings of the 16th USENIX Conference on File and Storage Technologies, pp. 123-138. DOI: 10.5555/3189759.3189771. Online publication date: 12-Feb-2018
  • (2018) Runtime Analysis of Whole-System Provenance. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1601-1616. DOI: 10.1145/3243734.3243776. Online publication date: 15-Oct-2018
  • (2018) Efficient Directory Mutations in a Full-Path-Indexed File System. ACM Transactions on Storage 14:3, pp. 1-27. DOI: 10.1145/3241061. Online publication date: 26-Nov-2018
