A Virtual Machine Based Information Flow Control System for Policy Enforcement

The ability to enforce usage policies attached to data in a fine-grained manner requires that the system be able to trace and control the flow of information within it. This paper presents the design and implementation of such an information flow control system, named Trishul, as a Java Virtual Machine. In particular we address the problem of tracing implicit information flow, which had not been resolved by previous run-time systems, and the additional intricacies added by the Java architecture. We argue that the security benefits offered by Trishul are substantial enough to outweigh the performance overhead of the system, as shown by our experiments.
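The implicit-flow problem the abstract refers to, as an added illustration that is not code from the paper or from Trishul: a toy run-time monitor that tags data with label sets and, when implicit tracking is enabled, joins the branch condition's label into a program-counter label and into every variable the branch could write. The explicit `writes` set handed to `branch` is an assumption of this toy (Trishul's own handling of untaken branches is not reproduced here); `copy_secret_bit` is the classic program that leaks a secret bit through control flow alone.

```python
"""Toy dynamic information-flow monitor (constructed example, not Trishul).

Labels are frozensets of tags, join is set union, PUBLIC is the empty set.
"""
from typing import Callable, Optional

PUBLIC = frozenset()
SECRET = frozenset({"secret"})


class Monitor:
    def __init__(self, track_implicit: bool):
        self.track_implicit = track_implicit
        self.store: dict = {}       # variable name -> (value, label)
        self.pc = [PUBLIC]          # stack of control-dependence labels

    def assign(self, name: str, value, label=PUBLIC) -> None:
        # Explicit flow: the data label is joined with the current pc label.
        self.store[name] = (value, label | self.pc[-1])

    def branch(self, cond: str, then: Callable, else_: Callable, writes: set) -> None:
        value, label = self.store[cond]
        if self.track_implicit:
            self.pc.append(self.pc[-1] | label)     # taken branch inherits cond label
        (then if value else else_)()
        if self.track_implicit:
            # Variables the untaken branch could have written also depend on
            # the condition; raise their labels so that case is caught too.
            for v in writes:
                val, lab = self.store[v]
                self.store[v] = (val, lab | label)
            self.pc.pop()

    def output(self, name: str, channel=PUBLIC):
        value, label = self.store[name]
        if not label <= channel:                   # lattice check: label must be below channel
            raise PermissionError(f"{name} labelled {set(label)} may not reach channel {set(channel)}")
        return value


def copy_secret_bit(track_implicit: bool, secret_bit: int) -> Monitor:
    # h is secret; l is public; the branch copies h into l without any data move.
    m = Monitor(track_implicit)
    m.assign("h", secret_bit, SECRET)
    m.assign("l", 0)
    m.branch("h", lambda: m.assign("l", 1), lambda: None, writes={"l"})
    return m


def observed_on_public_channel(track_implicit: bool, secret_bit: int) -> Optional[int]:
    """What a public observer sees: the copied bit, or None if the monitor blocks it."""
    try:
        return copy_secret_bit(track_implicit, secret_bit).output("l")
    except PermissionError:
        return None
```

With explicit-only tracking the public variable faithfully reports the secret bit; with the pc label and untaken-branch handling the output is refused for both values of the bit.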
