Effect: An operational view mechanism for decentralized information flow control |
| |
Authors: | Fei Yan, Jingya Tang, Shengchao Xiong, Juan Wang |
| |
Institution: | Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China; 2. School of Computer, Wuhan University, Wuhan 430072, Hubei, China |
| |
Abstract: | Flume, which implements decentralized information flow control (DIFC), allows a high security level process to "pre-create" secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable. Moreover, it needs a priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to replace the pre-create mechanism. Effect permits write operations (create, delete, and rename a file) on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. Finally, we present an analysis of the security of Effect. Our work makes it easier for multiple users to share confidential information in decentralized information flow control systems. |
| |
Keywords: | decentralized information flow control; precreate; operational view; file access virtual layer |
This article has been indexed by CNKI, SpringerLink and other databases! |
|