
Laminar: practical fine-grained decentralized information flow control

Published: 15 June 2009

Abstract

Decentralized information flow control (DIFC) is a promising model for writing programs with powerful, end-to-end security guarantees. Current DIFC systems that run on commodity hardware can be broadly categorized into two types: language-level and operating system-level DIFC. Language-level solutions provide no guarantees against security violations on system resources, like files and sockets. Operating system solutions can mediate accesses to system resources, but are inefficient at monitoring the flow of information through fine-grained program data structures.

This paper describes Laminar, the first system to implement decentralized information flow control using a single set of abstractions for OS resources and heap-allocated objects. Programmers express security policies by labeling data with secrecy and integrity labels, and then access the labeled data in lexically scoped security regions. Laminar enforces the security policies specified by the labels at runtime. Laminar is implemented using a modified Java virtual machine and a new Linux security module. This paper shows that security regions ease incremental deployment and limit dynamic security checks, allowing us to retrofit DIFC policies on four application case studies. Replacing the applications' ad-hoc security policies changes less than 10% of the code, and incurs performance overheads from 1% to 56%. Whereas prior DIFC systems only support limited types of multithreaded programs, Laminar supports a more general class of multithreaded DIFC programs that can access heterogeneously labeled data.
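The abstract describes the DIFC model in three parts: data carries secrecy and integrity labels, code touches labeled data only inside lexically scoped security regions, and the runtime checks every read and write against the labels. The following Python model, added here as an illustration and not Laminar's code, implements those three parts for the standard DIFC lattice (a flow from A to B is allowed when A's secrecy tags are a subset of B's and B's integrity tags are a subset of A's). The class names (`Label`, `Labeled`, `SecurityRegion`), the use of a context manager as the "region", and the per-tag declassification capability are assumptions made for this example; Laminar's real API is not shown on this page.

```python
from dataclasses import dataclass
from typing import Any, Dict, FrozenSet


class IFCViolation(Exception):
    """Raised when a read, write or declassification would violate the label rules."""


@dataclass(frozen=True)
class Label:
    """A DIFC label: a set of secrecy tags plus a set of integrity tags.

    A secrecy tag says the data may contain information owned by that tag's
    principal; an integrity tag says that principal vouches for the data.
    """
    secrecy: FrozenSet[str] = frozenset()
    integrity: FrozenSet[str] = frozenset()

    def can_flow_to(self, other: "Label") -> bool:
        # Destination must be at least as secret and at most as trusted.
        return self.secrecy <= other.secrecy and other.integrity <= self.integrity

    def join(self, other: "Label") -> "Label":
        # Least upper bound: data derived from two sources keeps every secrecy
        # tag and only the integrity tags both sources share.
        return Label(self.secrecy | other.secrecy, self.integrity & other.integrity)


@dataclass
class Labeled:
    """A heap object (or file, socket, ...) tagged with a label."""
    value: Any
    label: Label


PUBLIC = Label()  # no secrecy, no integrity: anyone may read, nobody vouches


class SecurityRegion:
    """Lexically scoped region in which code runs at one fixed label.

    Reads are allowed only from data whose label can flow to the region label;
    writes only to data the region label can flow to. Removing a secrecy tag
    requires the tag's declassification capability (assumed, simplified model).
    """

    def __init__(self, label: Label, capabilities: FrozenSet[str] = frozenset()):
        self.label, self.capabilities, self.active = label, capabilities, False

    def __enter__(self) -> "SecurityRegion":
        self.active = True
        return self

    def __exit__(self, *exc) -> bool:
        self.active = False
        return False

    def _require_active(self) -> None:
        if not self.active:
            raise IFCViolation("labeled data may only be accessed inside a security region")

    def read(self, data: Labeled) -> Any:
        self._require_active()
        if not data.label.can_flow_to(self.label):
            raise IFCViolation(f"read denied: {data.label} cannot flow to {self.label}")
        return data.value

    def write(self, data: Labeled, value: Any) -> None:
        self._require_active()
        if not self.label.can_flow_to(data.label):
            raise IFCViolation(f"write denied: {self.label} cannot flow to {data.label}")
        data.value = value

    def declassify(self, data: Labeled, tag: str) -> Labeled:
        self._require_active()
        if tag not in self.capabilities:
            raise IFCViolation(f"no capability to declassify tag {tag!r}")
        return Labeled(data.value, Label(data.label.secrecy - {tag}, data.label.integrity))


def _attempt(op) -> bool:
    """Run op(); report whether the runtime check let it through."""
    try:
        op()
        return True
    except IFCViolation:
        return False


def demo() -> Dict[str, bool]:
    """Exercise the checks on constructed sample data; returns which operations succeeded."""
    alice = Label(secrecy=frozenset({"alice"}))
    secret = Labeled("alice's record", alice)   # constructed sample data
    public_sink = Labeled([], PUBLIC)
    out: Dict[str, bool] = {}
    with SecurityRegion(alice) as r:
        out["read_secret_at_alice_level"] = r.read(secret) == "alice's record"
        out["write_secret_to_public_sink"] = _attempt(lambda: r.write(public_sink, "leak"))
    with SecurityRegion(PUBLIC) as r:
        out["public_region_reads_secret"] = _attempt(lambda: r.read(secret))
    with SecurityRegion(alice, capabilities=frozenset({"alice"})) as r:
        out["declassified_is_public"] = r.declassify(secret, "alice").label == PUBLIC
    out["read_outside_any_region"] = _attempt(lambda: SecurityRegion(PUBLIC).read(public_sink))
    return out
```

Running `demo()` shows the two directions of the check: a region running at Alice's secrecy level can read her data but cannot write it to a public sink, a public region cannot read it at all, and only a region holding the `alice` capability can strip the tag. Because the checks happen in `read` and `write` rather than at every instruction, the region boundary is the natural place to pay for the dynamic checks, which is the design point the abstract attributes to security regions.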



Published in

ACM SIGPLAN Notices, Volume 44, Issue 6 (PLDI '09), June 2009, 478 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/1543135.

PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2009, 492 pages. ISBN 9781605583921, DOI 10.1145/1542476.

Copyright © 2009 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.

Published: 15 June 2009. Qualifier: research-article.
