Effect:An Operational View Mechanism for Decentralized Information Flow Control

Effect:An Operational View Mechanism for Decentralized Information Flow Control

导出

摘要 Flume, which implements decentralized information flow control （DIFC）, allows a high security level process to ＂pre-create＂ secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations （create, delete, and rename a file） on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems. Flume, which implements decentralized information flow control （DIFC）, allows a high security level process to ＂pre-create＂ secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations （create, delete, and rename a file） on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems.

作者 YAN Fei TANG Jingya XIONG Shengchao WANG Juan

机构地区 Key Laboratory of Aerospace Information Security and Trusted Computing School of Computer

出处《Wuhan University Journal of Natural Sciences》 CAS 2012年第5期435-440,共6页 武汉大学学报（自然科学英文版）

基金 Supported by the National Natural Science Foundation of China(61003268,61103220,91118003,61173138,61170022) Hubei Provincial Natural Science Foundation(2010CDB08601) The Fundamental ResearchFunds for the Central Universities (3101038,274629)

关键词 decentralized information flow control precreate operational view file access virtual layer decentralized information flow control precreate operational view file access virtual layer

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献10

1Myers A C, Liskov B. Protecting privacy using the decen- tralized label model [J]. ACM Transactions on Software En- gineering and Methodology, 2000, 9(4): 410-442.
2Sabelfeld A, Myers A C. Language-based information-flow security [J]. IEEE Journal on Selected Areas in Communica- tions, 2006, 21(1): 5-19.
3Simonet V, Rocquencourt I. Flow Caml in a nutshell [EB/OL]. [2012-03-12]. htqg://www.es.nott.ae.uk/-gmh/appsem- papers/ simonet.pdf.
4Krohn M, Yip A, Brodsky M, et al. Information flow control for standard OS abstractions [C]//Proc 21st ACM sympo- sium on Operating systems principles, New York: ACM Press, 2007: 321-334.
5Efstathopoulos P, Krohn M, Frey C, et al. Labels and event processes in the Asbestos operating system [C]//Proc 20th ACM symposium on Operating systems principles, New York: ACM Press, 2005: 17-30.
6Zeldovich N, Boyd-Wickizer S, Kohler E, et al. Making information flow explicit in HiStar [C]// Proc 7th Sympo- sium on Operating Systems Design and Implementation, San Francisco: USENIX Association Berkeley, 2006: 263-278.
7Roy I, Bond M, Porter D, et al. Laminar: practical fine- grained decentralized information flow control [C]//Proc of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, New York: ACM Press, 2009: 63-74.
8Denning D E. A lattice model of secure information flow [J]. Communications oftheACM, 1976, 19(5): 236-243.
9Biba K J. Integrity considerations for secure computer sys- tems [EB/OL]. [2012-03-10]. ht(p://oai.dtic.mil/oai/oai?verb= getR ecord&metadataPrefix=html& identifier=ADA 039324.
10Bell D E, Padula L L. Secure computer system: Unified ex- position and Multics interpretation [EB/OL]. [2012-03-10]. http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix= html&identifier=ADA 023588.

1冯晓伟.保护隐私,我用“魔法”[J].网友世界,2010(12):4-4.
2雪痕.我的注册表你别动[J].网友世界,2009(8):19-19.
3一笑倾城.我的隐藏文件拒绝查看[J].网友世界,2009(13):19-19.
4张住军.锁住电脑秘密,保护信息安全[J].信息技术教育,2008(2):81-82.
5小小.保存秘密的无敌文件夹[J].科技展望（幻想大王）,2008(7):44-44.
6叶蕾,刘畅.韩崇昭:与科学的约定[J].中国科技奖励,2012(4):64-67.
7郭宁,张新.一致性哈希算法在多处理机进程分配的应用[J].计算机与现代化,2013(9):71-74. 被引量：5
8一飞冲天.WinXP下秘密文件的另类隐藏[J].黑客防线,2004(05S):64-67.
9杨利,周兴铭,吴涛.并行查询中的进程分配与调度[J].计算机科学,1995,22(6):26-29. 被引量：6
10郭辉,王智广,周敬利.异构分布式系统中基于负载均衡的容错调度算法[J].计算机学报,2005,28(11):1807-1816. 被引量：17

Wuhan University Journal of Natural Sciences

2012年第5期

浏览历史

内容加载中请稍等...

Effect:An Operational View Mechanism for Decentralized Information Flow Control

参考文献10

相关作者

相关机构

相关主题

浏览历史