DOI: 10.1145/1735997.1736008
research-article

Neon: system support for derived data management

Published: 17 March 2010

ABSTRACT

Modern organizations face increasingly complex information management requirements. A combination of commercial needs, legal liability and regulatory imperatives has created a patchwork of mandated policies. Among these, personally identifying customer records must be carefully access-controlled, sensitive files must be encrypted on mobile computers to guard against physical theft, and intellectual property must be protected from both exposure and "poisoning." However, enforcing such policies can be quite difficult in practice since users routinely share data over networks and derive new files from these inputs--incidentally laundering any policy restrictions. In this paper, we describe a virtual machine monitor system called Neon that transparently labels derived data using byte-level "tints" and tracks these labels end to end across commodity applications, operating systems and networks. Our goal with Neon is to explore the viability and utility of transparent information flow tracking within conventional networked systems when used in the manner in which they were intended. We demonstrate that this mechanism allows the enforcement of a variety of data management policies, including data-dependent confinement, mandatory I/O encryption, and intellectual property management.
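
A toy model of the byte-level tinting described in the abstract, added here as an illustration; it is not code from the Neon paper or project. The tint name, sink names and policy table are constructed assumptions, and the model only covers copy and concatenation, not tracking beneath a guest OS.

```python
class Tinted:
    """Bytes with one tint set per byte: a toy model of byte-level labels."""

    def __init__(self, data, tints):
        assert len(data) == len(tints)
        self.data, self.tints = bytes(data), list(tints)

    @classmethod
    def source(cls, data, *tints):   # label every byte of freshly read data
        return cls(data, [frozenset(tints)] * len(data))

    def __getitem__(self, s):        # slicing: each byte keeps its own tints
        return Tinted(self.data[s], self.tints[s])

    def __add__(self, other):        # concatenation: tints travel with bytes
        return Tinted(self.data + other.data, self.tints + other.tints)

    def label(self):
        """Union of the tints found anywhere in the buffer."""
        return frozenset().union(*self.tints)

# Constructed policy table (an assumption, not Neon's policy format):
# the tints a sink may receive, and whether tinted bytes must be encrypted.
POLICY = {
    "corp_nfs":    {"allow": {"pii"}, "encrypt": False},
    "laptop_disk": {"allow": {"pii"}, "encrypt": True},
    "public_net":  {"allow": set(),   "encrypt": False},
}

def check_write(sink, buf, encrypted=False):
    """Return (decision, offsets of the bytes that triggered it)."""
    rule = POLICY[sink]
    blocked = [i for i, t in enumerate(buf.tints) if t - rule["allow"]]
    if blocked:
        return "deny", blocked
    tinted = [i for i, t in enumerate(buf.tints) if t]
    if tinted and rule["encrypt"] and not encrypted:
        return "must-encrypt", tinted
    return "allow", []

def demo():
    """Derive a new buffer from a labelled record plus unlabelled text."""
    record = Tinted.source(b"ssn=000-00-0000", "pii")   # constructed sample
    note = Tinted.source(b"meeting at 10; ")            # no tints
    return note + record[4:]     # the "new file" still carries pii bytes

if __name__ == "__main__":
    for sink in POLICY:
        print(sink, check_write(sink, demo())[0])
```

A file-level label would be lost when the record's bytes are pasted into the new buffer; here the decision follows the individual bytes, so only the derived portion triggers confinement or encryption.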

Published in

VEE '10: Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
March 2010
176 pages
ISBN: 9781605589107
DOI: 10.1145/1735997

ACM SIGPLAN Notices, Volume 45, Issue 7
VEE '10
July 2010
161 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1837854

Copyright © 2010 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 80 of 235 submissions, 34%
