ABSTRACT
Modern organizations face increasingly complex information management requirements. A combination of commercial needs, legal liability and regulatory imperatives has created a patchwork of mandated policies. Among these, personally identifying customer records must be carefully access-controlled, sensitive files must be encrypted on mobile computers to guard against physical theft, and intellectual property must be protected from both exposure and "poisoning." However, enforcing such policies can be quite difficult in practice since users routinely share data over networks and derive new files from these inputs, incidentally laundering any policy restrictions. In this paper, we describe a virtual machine monitor system called Neon that transparently labels derived data using byte-level "tints" and tracks these labels end to end across commodity applications, operating systems and networks. Our goal with Neon is to explore the viability and utility of transparent information flow tracking within conventional networked systems when used in the manner in which they were intended. We demonstrate that this mechanism allows the enforcement of a variety of data management policies, including data-dependent confinement, mandatory I/O encryption, and intellectual property management.
Neon: system support for derived data management (VEE '10)