Title | Abstractions for Usable Information Flow Control in Aeolus |
Publication Type | Conference Paper |
Year of Publication | 2012 |
Authors | Cheng W, Ports DRK, Schultz D, Popic V, Blankstein A, Cowling J, Curtis D, Shrira L, Liskov B |
Conference Name | USENIX Annual Technical Conference |
Date or Month Published | June |
Publisher | USENIX |
Conference Location | Boston, MA, USA |
Abstract | Despite the increasing importance of protecting confidential data, building secure software remains as challenging as ever. This paper describes Aeolus, a new platform for building secure distributed applications. Aeolus uses information flow control to provide confidentiality and data integrity. It differs from previous information flow control systems in a way that we believe makes it easier to understand and use. Aeolus uses a new, simpler security model, the first to combine a standard principal-based scheme for authority management with thread-granularity information flow tracking. The principal hierarchy matches the way developers already reason about authority and access control, and the coarse-grained information flow tracking eases the task of defining a program's security restrictions. In addition, Aeolus provides a number of new mechanisms (authority closures, compound tags, boxes, and shared volatile state) that support common design patterns in secure application design. |
Downloads | http://drkp.net/papers/aeolus-usenix12.pdf |
Citation Key | cheng12:_abstr_usabl_infor_flow_contr_aeolus |