Summary: Securing Distributed Systems with Information Flow Control
Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières
Stanford University
ABSTRACT
Recent operating systems [12, 21, 26] have shown that
decentralized information flow control (DIFC) can secure
applications built from mostly untrusted code. This
paper extends DIFC to the network. We present DStar,
a system that enforces the security requirements of mutually
distrustful components through cryptography on
the network and local OS protection mechanisms on each
host. DStar does not require any fully-trusted processes
or machines, and is carefully constructed to avoid covert
channels inherent in its interface. We use DStar to build
a three-tiered web server that mitigates the effects of untrustworthy
applications and compromised machines.
1 INTRODUCTION
Software systems are plagued by security vulnerabilities
in poorly-written application code. A particularly acute
example is web applications, which are constructed for