TitleAbstractions for Usable Information Flow Control in Aeolus
Publication TypeConference Paper
Year of Publication2012
AuthorsCheng W, Ports DRK, Schultz D, Popic V, Blankstein A, Cowling J, Curtis D, Shrira L, Liskov B
Conference NameUSENIX Annual Technical Conference
Date or Month PublishedJune
Conference LocationBoston, MA, USA

Despite the increasing importance of protecting confidential data, building secure software remains as challenging as ever. This paper describes Aeolus, a new platform for building secure distributed applications. Aeolus uses information flow control to provide confidentiality and data integrity. It differs from previous information flow control systems in a way that we believe makes it easier to understand and use. Aeolus uses a new, simpler security model, the first to combine a standard principal-based scheme for authority management with thread-granularity information flow tracking. The principal hierarchy matches the way developers already reason about authority and access control, and the coarse-grained information flow tracking eases the task of defining a program's security restrictions. In addition, Aeolus provides a number of new mechanisms (authority closures, compound tags, boxes, and shared volatile state) that support common design patterns in secure application design.

Citation Keycheng12:_abstr_usabl_infor_flow_contr_aeolus