Preliminary design of the SAFE platform

Safe is a clean-slate design for a secure host architecture. It integrates advances in programming languages, operating systems, and hardware and incorporates formal methods at every step. Though the project is still at an early stage, we have assembled a set of basic architectural choices that we believe will yield a high-assurance system. We sketch the current state of the design and discuss several of these choices.
