usenix conference policies
Securing Distributed Systems with Information Flow Control
Abstract:
Recent operating systems have shown that decentralized information flow control (DIFC) can secure applications built from mostly untrusted code. This paper extends DIFC to the network. We present DStar, a system that enforces the security requirements of mutually distrustful components through cryptography on the network and local OS protection mechanisms on each host. DStar does not require any fully-trusted processes or machines, and is carefully constructed to avoid covert channels inherent in its interface. We use DStar to build a three-tiered web server that mitigates the effects of untrustworthy applications and compromised machines.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {268264,
author = {Nickolai Zeldovich and Silas Boyd-Wickizer and David Mazi{\`e}res},
title = {Securing Distributed Systems with Information Flow Control},
booktitle = {5th USENIX Symposium on Networked Systems Design and Implementation (NSDI 08)},
year = {2008},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/nsdi-08/securing-distributed-systems-information-flow-control},
publisher = {USENIX Association},
month = apr
}
author = {Nickolai Zeldovich and Silas Boyd-Wickizer and David Mazi{\`e}res},
title = {Securing Distributed Systems with Information Flow Control},
booktitle = {5th USENIX Symposium on Networked Systems Design and Implementation (NSDI 08)},
year = {2008},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/nsdi-08/securing-distributed-systems-information-flow-control},
publisher = {USENIX Association},
month = apr
}
connect with us