Information Flow Integrity for Systems of Independently-Developed Components

Abstract: The aim of this project is to enable enforcement of integrity safety in systems of independently-developed components. In this project, we explore this problem from three perspectives. First, we developed integrity safety properties and mechanisms to enforce them. In particular, we developed resource retrieval (access) integrity, which protects programs when they retrieve system resources, and implemented the process firewall mechanism to enforce this property. Second, we developed integrity safety mechanisms for a variety of software, including web browsers (to protect them from browser extensions), kernel software (to enforce resource retrieval integrity and fine-grained control-flow integrity of approved code), and user-space programs (to enforce access control policies). Third, we developed methods to retrofit software to enforce integrity safety properties mostly automatically, through safety games and authorization constraints. Both of these methods enable efficient deployment of code that enforces the expected integrity requirements. This work has been published in several top conferences in computer security and programming languages, and some of the projects have been packaged for open-source distribution.