Practical, Dynamic Information-flow for Virtual Machines

For decades, secure operating systems have incorporated mandatory access control (MAC) techniques. Surprisingly, mobile-code platforms such as the Java Virtual Machine (JVM) and the .NET Common Language Runtime (CLR) have largely ignored these advances and have implemented a far weaker security model that does not reliably track ownership and access permissions for individual data items. We have implemented a system that adds MAC to an existing JVM at the granularity of objects. Our system maintains a strict separation between mechanism and policy, thereby allowing a wide range of policies to be enforced. Moreover, our implementation is independent of any specific JVM, and will work with any JVM that supports the JVM Tools Interface.
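As an added illustration (not the paper's implementation, which instruments a real JVM through the tools interface), the following Python sketch models the mechanism/policy split the abstract describes: a monitor that carries a label on every tracked object and propagates it through computations, and a separately defined lattice policy that it consults for every decision. The class names, the category-set lattice and the sample objects are my own constructions.

```python
from dataclasses import dataclass
from typing import Any, Callable, FrozenSet, Protocol

Label = FrozenSet[str]  # a set of owner/category names, e.g. {"hr", "finance"}


class Policy(Protocol):
    """Policy side: defines the label lattice. Swappable without touching the monitor."""
    def join(self, a: Label, b: Label) -> Label: ...
    def can_flow(self, src: Label, dst: Label) -> bool: ...


class CategoryLattice:
    """Denning-style lattice on category sets: join is union, and a value may flow
    only to a sink whose label dominates (is a superset of) the value's label."""
    def join(self, a: Label, b: Label) -> Label:
        return a | b

    def can_flow(self, src: Label, dst: Label) -> bool:
        return src <= dst


@dataclass(frozen=True)
class Labeled:
    """Mechanism side: each tracked object carries its own label (object granularity)."""
    value: Any
    label: Label


class FlowViolation(Exception):
    pass


class Monitor:
    """Mechanism: propagates labels through computations and checks them at sinks,
    delegating every lattice decision to the configured policy."""
    def __init__(self, policy: Policy):
        self.policy = policy

    def compute(self, fn: Callable[..., Any], *args: Labeled) -> Labeled:
        out_label: Label = frozenset()
        for a in args:  # result is labeled with the join of all inputs
            out_label = self.policy.join(out_label, a.label)
        return Labeled(fn(*(a.value for a in args)), out_label)

    def release(self, obj: Labeled, sink_label: Label) -> Any:
        if not self.policy.can_flow(obj.label, sink_label):
            raise FlowViolation(f"{set(obj.label)} may not flow to sink {set(sink_label)}")
        return obj.value


def demo() -> tuple:
    m = Monitor(CategoryLattice())
    salary = Labeled(90000, frozenset({"hr"}))        # constructed sample objects
    bonus = Labeled(5000, frozenset({"finance"}))
    total = m.compute(lambda s, b: s + b, salary, bonus)
    ok = m.release(total, frozenset({"hr", "finance", "audit"}))  # sink cleared for both
    try:
        m.release(total, frozenset({"hr"}))  # hr-only sink lacks "finance": denied
        denied = False
    except FlowViolation:
        denied = True
    return total.label, ok, denied
```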
