Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Securing Distributed Systems with Information Flow Control Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazi`eres
 

Summary: Securing Distributed Systems with Information Flow Control
Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazi`eres
Stanford University
ABSTRACT
Recent operating systems [12, 21, 26] have shown that
decentralized information flow control (DIFC) can se-
cure applications built from mostly untrusted code. This
paper extends DIFC to the network. We present DStar,
a system that enforces the security requirements of mu-
tually distrustful components through cryptography on
the network and local OS protection mechanisms on each
host. DStar does not require any fully-trusted processes
or machines, and is carefully constructed to avoid covert
channels inherent in its interface. We use DStar to build
a three-tiered web server that mitigates the effects of un-
trustworthy applications and compromised machines.
1 INTRODUCTION
Software systems are plagued by security vulnerabilities
in poorly-written application code. A particularly acute
example is web applications, which are constructed for

  

Source: Akella, Aditya - Department of Computer Sciences, University of Wisconsin at Madison

 

Collections: Computer Technologies and Information Sciences