Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

Laurent Georget 1 Mathieu Jaume 2 Guillaume Piolle 1 Frédéric Tronel 1 Valérie Viet Triem Tong 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA_D1 - SYSTÈMES LARGE ÉCHELLE
2 MoVe - Modélisation et Vérification
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Information flow control can be used at the Operating System level to enforce restrictions on the diffusion of security-sensitive data. In Linux, information flow trackers are often implemented as Linux Security Modules. They can fail to monitor some indirect flows when flows occur concurrently and affect the same containers of information. Furthermore, they are not able to monitor the flows due to file mappings in memory and shared memory between processes. We first present two attacks to evade state-of-the-art LSM-based trackers. We then describe an approach, formally proved with Coq to perform information flow tracking able to cope with concurrency and in-memory flows. We demonstrate its implementability and usefulness in Rfblare, a race condition-free version of the flow tracking done by KBlare.
Type de document :
Communication dans un congrès
Alessandro Cimatti; Marjan Sirjani. 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), Sep 2017, Trento, Italy. Springer International Publishing, Proceedings of the 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), pp.1-16, 2017, LNCS. 〈http://sefm17.fbk.eu/〉. 〈10.1007/978-3-319-66197-1_1〉
Liste complète des métadonnées

Littérature citée [15 références]  Voir  Masquer  Télécharger

http://hal.upmc.fr/hal-01535949
Contributeur : Mathieu Jaume <>
Soumis le : vendredi 9 juin 2017 - 17:29:56
Dernière modification le : jeudi 11 janvier 2018 - 06:28:14

Fichier

sefm2017.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Laurent Georget, Mathieu Jaume, Guillaume Piolle, Frédéric Tronel, Valérie Viet Triem Tong. Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory. Alessandro Cimatti; Marjan Sirjani. 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), Sep 2017, Trento, Italy. Springer International Publishing, Proceedings of the 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), pp.1-16, 2017, LNCS. 〈http://sefm17.fbk.eu/〉. 〈10.1007/978-3-319-66197-1_1〉. 〈hal-01535949〉

Partager

Métriques

Consultations de la notice

344

Téléchargements de fichiers

27