USENIX, The Advanced Computing Systems Association

NSDI '08 – Abstract

Pp. 293–308 of the Proceedings

Securing Distributed Systems with Information Flow Control

Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières, Stanford University


Recent operating systems have shown that decentralized information flow control (DIFC) can secure applications built from mostly untrusted code. This paper extends DIFC to the network. We present DStar, a system that enforces the security requirements of mutually distrustful components through cryptography on the network and local OS protection mechanisms on each host. DStar does not require any fully-trusted processes or machines, and is carefully constructed to avoid covert channels inherent in its interface. We use DStar to build a three-tiered web server that mitigates the effects of untrustworthy applications and compromised machines.

The Proceedings are published as a collective work, © 2008 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

Last changed: 11 Aug 2008 mn