[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1109/MICRO.2004.31acmconferencesArticle/Chapter ViewAbstractPublication PagesmicroConference Proceedingsconference-collections
Article

RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Published: 04 December 2004 Publication History

Abstract

Even as modern computing systems allow the manipulation and distribution of massive amounts of information, users of these systems are unable to manage the confidentiality of their data in a practical fashion. Conventional access control security mechanisms cannot prevent the illegitimate use of privileged data once access is granted. For example, information provided by a user during an online purchase may be covertly delivered to malicious third parties by an untrustworthy web browser. Existing information-flow security mechanisms do provide this assurance, but only for programmer-specified policies enforced during program development as a static analysis on special-purpose type-safe languages. Not only are these techniques not applicable to many commonly used programs, but they leave the user with no defense against malicious programmers or altered binaries. In this paper, we propose RIFLE, a runtime information-flow security system designed from the user's perspective. By addressing information-flow security using architectural support, RIFLE gives users a practical way to enforce their own information-flow security policy on all programs. We prove that, contrary to statements in the literature, run-time systems like RIFLE are no less secure than existing language-based techniques. Using a model of the architectural framework and a binary translator, we demonstrate RIFLE's correctness and illustrate that the performance cost is reasonable.

References

[1]
{1} A. Aho, R. Sethi, and J. Ullman. Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading, MA, 1986.
[2]
{2} W. A. Arbaugh, D. J. Farber, and J. M. Smith. A secure and reliable bootstrap architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, page 65. IEEE Computer Society, 1997.
[3]
{3} W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith. Automated recovery in a secure bootstrap process. In Symposium on Network ands Distributed System Security (SNDSS), pages 155- 167, 1998.
[4]
{4} G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 executables. In Proceedings of the 13th International Conference on Compiler Construction, pages 5-23, 2004.
[5]
{5} B.-C. Cheng and W.W. Hwu. Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 57-69, 2000.
[6]
{6} G. Z. Chrysos and J. S. Emer. Memory dependence prediction using store sets. In Proceedings of the 25th annual international symposium on Computer architecture, pages 142-153. IEEE Computer Society, 1998.
[7]
{7} D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, 1976.
[8]
{8} D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504- 513, 1977.
[9]
{9} J. S. Fenton. Information Protection Systems. PhD thesis, University of Cambridge, Cambridge, England, 1973.
[10]
{10} S. N. Foley. A taxonomy for information flow policies and models. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pages 98-108, 1991.
[11]
{11} R. Ghiya, D. Lavery, and D. Sehr. On the importance of points-to analysis and other memory disambiguation methods for C programs. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, pages 47-58. ACM Press, 2001.
[12]
{12} N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In ACM, editor, Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 365-377, New York, NY, USA, 1998. ACM Press.
[13]
{13} Intel Corporation. Web site: http://www.intel.com/technology/security/downloads/ LT_Arch_Overview.pdf, February 2004.
[14]
{14} B. W. Lampson. Protection. In Proceedings of the 5th Princeton Symposium on Information Sciences and Systems, 1971.
[15]
{15} B. W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613-615, 1973.
[16]
{16} W. Landi. Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4):323-337, 1992.
[17]
{17} Lavasoft. Web site: http://www.lavasoftusa.com, January 2004.
[18]
{18} D. Lie, C. A. Thekkath, and M. Horowitz. Implementing an untrusted operating system on trusted hardware. In Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 178-192. ACM Press, 2003.
[19]
{19} D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Architectural Support for Programming Languages and Operating Systems, pages 168-177, 2000.
[20]
{20} Microsoft Corporation. Web site: http://msdn.microsoft.com/security/productinfo/ngscb, January 2004.
[21]
{21} A. C. Myers. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pages 228-241, 1999.
[22]
{22} A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proceedings of the sixteenth ACM symposium on Operating systems principles, pages 129-142. ACM Press, 1997.
[23]
{23} A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
[24]
{24} G. C. Necula. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Langauges, pages 106- 119, Paris, Jan. 1997.
[25]
{25} A. Podgurski and L. A. Clarke. A formal model of program dependences and its implications for software testing, debugging, and maintenance. IEEE Transactions on Software Engineering, 16(9):965-979, 1990.
[26]
{26} G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 16(5):1467-1471, 1994.
[27]
{27} H. J. Saal and I. Gat. A hardware architecture for controlling information flow. In Proceedings of the 5th annual symposium on Computer architecture, pages 73-77. ACM Press, 1978.
[28]
{28} A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
[29]
{29} G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th annual international conference on Supercomputing, pages 160-171. ACM Press, 2003.
[30]
{30} Trusted Computing Platform Alliance. Web site: http://www.trustedcomputing.org/, February 2004.
[31]
{31} S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 179-193. IEEE Computer Society, 2004.
[32]
{32} M. Vachharajani, N. Vachharajani, D. A. Penry, J. A. Blome, and D. I. August. Microarchitectural exploration with Liberty. In Proceedings of the 35th International Symposium on Microarchitecture (MICRO), pages 271-282, November 2002.
[33]
{33} R. P. Wilson and M. S. Lam. Effective context-sensitive pointer analysis for C programs. In Proceedings of the ACM SIGPLAN '95 Conference on Programming Language Design and Implementation , pages 1-12, June 1995.
[34]
{34} E. Witchel, J. Cates, and K. Asanovic. Mondrian memory protection. In Architectural Support for Programming Languages and Operating Systems, Oct 2002.
[35]
{35} J. C. Wray. An analysis of covert timing channels. In Proceedings of the 2004 IEEE Symposium on Security and Privacy. IEEE Computer Society, 1991.

Cited By

View all
  • (2021)Challenges and Opportunities for Practical and Effective Dynamic Information Flow TrackingACM Computing Surveys10.1145/348379055:1(1-33)Online publication date: 23-Nov-2021
  • (2020)DepTaintProceedings of the 2020 4th International Conference on Management Engineering, Software Engineering and Service Sciences10.1145/3380625.3380642(34-41)Online publication date: 17-Jan-2020
  • (2019)Tool Support for Confidentiality-by-ConstructionACM SIGAda Ada Letters10.1145/3375408.337541338:2(64-68)Online publication date: 6-Dec-2019
  • Show More Cited By
  1. RIFLE: An Architectural Framework for User-Centric Information-Flow Security

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
      December 2004
      345 pages
      ISBN:0769521266

      Sponsors

      Publisher

      IEEE Computer Society

      United States

      Publication History

      Published: 04 December 2004

      Check for updates

      Qualifiers

      • Article

      Conference

      MICRO37
      Sponsor:

      Acceptance Rates

      MICRO 37 Paper Acceptance Rate 29 of 158 submissions, 18%;
      Overall Acceptance Rate 484 of 2,242 submissions, 22%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)4
      • Downloads (Last 6 weeks)1
      Reflects downloads up to 18 Dec 2024

      Other Metrics

      Citations

      Cited By

      View all
      • (2021)Challenges and Opportunities for Practical and Effective Dynamic Information Flow TrackingACM Computing Surveys10.1145/348379055:1(1-33)Online publication date: 23-Nov-2021
      • (2020)DepTaintProceedings of the 2020 4th International Conference on Management Engineering, Software Engineering and Service Sciences10.1145/3380625.3380642(34-41)Online publication date: 17-Jan-2020
      • (2019)Tool Support for Confidentiality-by-ConstructionACM SIGAda Ada Letters10.1145/3375408.337541338:2(64-68)Online publication date: 6-Dec-2019
      • (2019)LATCHProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358327(969-982)Online publication date: 12-Oct-2019
      • (2019)A dynamic taint analyzer for distributed systemsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3341179(1115-1119)Online publication date: 12-Aug-2019
      • (2019)Context-Sensitive FencingProceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3297858.3304060(395-410)Online publication date: 4-Apr-2019
      • (2019)SpecShield: Shielding Speculative Data from Microarchitectural Covert ChannelsProceedings of the International Conference on Parallel Architectures and Compilation Techniques10.1109/PACT.2019.00020(151-164)Online publication date: 23-Sep-2019
      • (2018)PIITrackerProceedings of the 11th European Workshop on Systems Security10.1145/3193111.3193114(1-6)Online publication date: 23-Apr-2018
      • (2017)Register transfer level information flow tracking for provably secure hardware designProceedings of the Conference on Design, Automation & Test in Europe10.5555/3130379.3130775(1695-1700)Online publication date: 27-Mar-2017
      • (2016)Program-object Level Data Flow Analysis with Applications to Data Leakage and Contamination ForensicsProceedings of the Sixth ACM Conference on Data and Application Security and Privacy10.1145/2857705.2857747(277-284)Online publication date: 9-Mar-2016
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media