SP*: An Information Flow Secure Linux
Journal
19th IEEE International Symposium on Parallel and Distributed Processing with Applications, 11th IEEE International Conference on Big Data and Cloud Computing, 14th IEEE International Conference on Social Computing and Networking and 11th IEEE International Conference on Sustainable Computing and Communications, ISPA/BDCloud/SocialCom/SustainCom 2021
Date Issued
2021-01-01
Author(s)
Vyas, Parjanya
Shyamasundar, R. K.
Patil, Bhagyesh
Borse, Snehal
Sen, Satyaki
Abstract
Enforcement of information flow control (IFC) policies for OS to realize a sufficiently secure OS has been a challenging area of research. In this paper, our primary objective has been to present a fully information flow (IF) secure Linux that is usable with a minimal overhead without losing any of the existing functionalities. Towards such a goal, we describe the design, implementation and evaluation of a fully information flow secure Linux operating system called '$\mathcal{SP}$Linux' through complete mediation. Our approach first derives a labeled system (with initial inputs from the user in terms of the given Linux DAC policy) and manages further the labels automatically without users' intervention. It realizes complete mediation by interception of system calls and enforces IFC policy by implementing a recent decentralized security model that supports dynamic labelling and robust declassification. One of the distinct characteristics of the work is that the user has at his disposal all the features of Linux. We describe our experimental evaluation of '$\mathcal{SP}$Linux', its assessment of usability and performance evaluation with respect to other secure OS efforts. Results are quite encouraging in terms of performance, expressiveness, and usability.