Maxwell Krohn, MIT

Securing Servers With Decentralized Information Flow Control

Date: 26 Feb 2008
Time: 11 a.m. - 12 p.m.
Location: Klaus 1116E

Abstract

Today's operating systems struggle to contain the effects of malicious application code. For a desktop PC, one bad software download can reveal the entire contents of the PC's hard drive. On servers, one bad Web application component can reveal the entire contents of a site's database. In both cases, bad software can maliciously overwrite important data. Far from receding, these security flaws are finding their way into new server-side computing platforms, such as Facebook applications.

Our solution is Decentralized Information Flow Control (DIFC) at the OS level. DIFC systems track the flow of secret and high-integrity data as they are copied from file to file and communicated from process to process. In the end, the operating system lets modules known as 'declassifiers' determine the policy for secret data exiting to the network and for impure applications overwriting important files. Example policies include "only reveal Alice's secret data to Alice's Web client" or "only local, authorized text-editors can overwrite this file." DIFC provides better security than standard OSes because it allows developers to concentrate security-critical code in small, audit-friendly declassifiers, which remain small and contained even as the overall system balloons with new features.
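The following is an added example, not code from the talk or from the Linux implementation it describes: a small Python model of the label discipline the paragraph sketches. Each process, file or connection carries a secrecy label and an integrity label (sets of tags); data may flow from a to b only if a's secrecy tags are a subset of b's and b's integrity tags are a subset of a's; any process may make itself more secret, but dropping a secrecy tag (declassifying) or gaining an integrity tag (endorsing) requires a capability that only a small trusted module holds. The tag names (alice_secret, vetted_editor), the principals, and the shape of the capability check are assumptions made for this illustration.

```python
"""Toy DIFC label model (added example; tag and principal names are made up)."""
from dataclasses import dataclass, field


class FlowViolation(Exception):
    """Raised when a read, write or label change would break the rules."""


@dataclass
class Labeled:
    """A process, file or network connection carrying DIFC labels."""
    name: str
    secrecy: set = field(default_factory=set)
    integrity: set = field(default_factory=set)
    # Capabilities: tags this entity may drop from its secrecy label
    # (declassify) or add to its integrity label (endorse).
    can_declassify: set = field(default_factory=set)
    can_endorse: set = field(default_factory=set)


def can_flow(src: Labeled, dst: Labeled) -> bool:
    """Core check: secrets never reach a less-secret place, and a file that
    demands integrity tags accepts writes only from a writer vouched for by
    all of them."""
    return src.secrecy <= dst.secrecy and dst.integrity <= src.integrity


def raise_secrecy(p: Labeled, tags: set) -> None:
    """Adding secrecy tags is always allowed; p just becomes more restricted."""
    p.secrecy |= tags


def declassify(p: Labeled, tags: set) -> None:
    """Dropping secrecy tags needs the capability for every tag dropped."""
    if not tags <= p.can_declassify:
        raise FlowViolation(f"{p.name} may not declassify {tags - p.can_declassify}")
    p.secrecy -= tags


def endorse(p: Labeled, tags: set) -> None:
    """Gaining integrity tags needs the capability for every tag gained."""
    if not tags <= p.can_endorse:
        raise FlowViolation(f"{p.name} may not endorse {tags - p.can_endorse}")
    p.integrity |= tags


def transfer(src: Labeled, dst: Labeled) -> None:
    """A read or write from src to dst; refused unless label-safe."""
    if not can_flow(src, dst):
        raise FlowViolation(f"flow {src.name} -> {dst.name} denied")


def deliver_via_declassifier(app: Labeled, conn: Labeled, conn_owner: str) -> bool:
    """Trusted declassifier for alice_secret: the entire export policy is the
    one-line owner check, which is what keeps the audit surface small.
    conn_owner is assumed to come from the (trusted) login code."""
    decl = Labeled("alice_declassifier", can_declassify={"alice_secret"})
    raise_secrecy(decl, app.secrecy)      # accept whatever taint the app carries
    transfer(app, decl)
    if conn_owner != "alice":             # policy: only Alice's own client
        return False
    declassify(decl, {"alice_secret"})    # permitted: decl holds the capability
    transfer(decl, conn)                  # now label-safe ({} <= {})
    return True


def scenario_secret_leak() -> tuple:
    """An untrusted Web app reads Alice's row. Returns
    (leaked directly to Bob, delivered to Alice, delivered to Bob)."""
    alice_row = Labeled("alice_row", secrecy={"alice_secret"})
    app = Labeled("wiki_app")             # untrusted component, no capabilities
    bob_conn, alice_conn = Labeled("bob_conn"), Labeled("alice_conn")

    raise_secrecy(app, {"alice_secret"})  # the app must taint itself to read
    transfer(alice_row, app)              # allowed: {alice_secret} <= {alice_secret}
    leaked = True
    try:
        transfer(app, bob_conn)           # denied: the tag would be lost on the wire
    except FlowViolation:
        leaked = False
    to_alice = deliver_via_declassifier(app, alice_conn, "alice")
    to_bob = deliver_via_declassifier(app, bob_conn, "bob")
    return leaked, to_alice, to_bob


def scenario_integrity() -> tuple:
    """A protected file demands the vetted_editor tag. Returns
    (downloaded tool could write, authorized editor could write)."""
    config = Labeled("config", integrity={"vetted_editor"})
    download = Labeled("downloaded_tool")                 # integrity {}: unvouched
    editor = Labeled("editor", can_endorse={"vetted_editor"})
    tool_wrote = True
    try:
        transfer(download, config)        # denied: {vetted_editor} is not <= {}
    except FlowViolation:
        tool_wrote = False
    endorse(editor, {"vetted_editor"})    # editor holds the endorsement capability
    transfer(editor, config)              # allowed
    return tool_wrote, True


if __name__ == "__main__":
    print("secrecy:", scenario_secret_leak())   # (False, True, False)
    print("integrity:", scenario_integrity())   # (False, True)
```

The point to take from the model is where the policy lives: the application code never decides who may see Alice's data, it is simply unable to emit it, and the only code that can is the few lines of `deliver_via_declassifier`. Note also what the model does not capture: a real OS implementation must also close covert channels in the tainting step (a process that raises its own label must not be able to signal to untainted processes that it did so), which is the hard part of doing this at the OS level.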

This talk presents DIFC, an implementation of it for Linux, and a case study of a complex, popular open-source application (MoinMoin Wiki) secured with DIFC. The MoinMoin work is a prototype for more ambitious and general work to come, such as a novel server-side application platform with encouraging security guarantees.

Joint work with: Micah Brodsky, Natan Cliffer, Petros Efstathopoulos, Cliff Frey, Eddie Kohler, David Mazieres, Robert Morris, Frans Kaashoek, Steve VanDeBogart, Mike Walfish, Alex Yip, David Ziegler

Speaker Bio

Maxwell Krohn is a PhD candidate in Computer Science at MIT. He received his BA from Harvard in 1999, and was a staff research scientist at NYU from 2002-2003. In between, he co-founded and co-built several community Web sites, some vintage (TheSpark.com), others live and kicking (SparkNotes.com and OkCupid.com). His research interests are in operating systems, distributed systems and security.

Host: Nick Feamster


Last updated: Fri Feb 29 00:56:21 -0500 2008

Please contact Nick Feamster with updates and corrections.