Abstract
Flume, which implements decentralized information flow control (DIFC), allows a high-security-level process to “pre-create” secret files in a low-security-level directory. However, the pre-create mechanism makes some normal system calls unavailable, and it requires a priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to replace the pre-create mechanism. Effect permits write operations (creating, deleting, and renaming a file) on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. Finally, we present an analysis of the security of Effect. Our work makes it easier for multiple users to share confidential information in decentralized information flow control systems.
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (61003268, 61103220, 91118003, 61173138, 61170022), the Hubei Provincial Natural Science Foundation (2010CDB08601), and the Fundamental Research Funds for the Central Universities (3101038, 274629).
Biography: YAN Fei, male, Associate professor, Ph.D., research direction: information security and trusted computing.
About this article
Cite this article
Yan, F., Tang, J., Xiong, S. et al. Effect: An operational view mechanism for decentralized information flow control. Wuhan Univ. J. Nat. Sci. 17, 435–440 (2012). https://doi.org/10.1007/s11859-012-0866-8
DOI: https://doi.org/10.1007/s11859-012-0866-8