BIFI: Architectural Support for Information Flow Integrity Measurement

Author

Hu, Hao ; Feng, Dengguo

Volume

3

fYear

2008

fDate

12-14 Dec. 2008

Firstpage

605

Lastpage

609

Abstract

Information flow security has been an important security requirement of existing operating systems, especially for distributed applications. We are interested in protecting information flow security with an eye to information flow integrity and trusted computing. Although people have studied these two aspects already, each alone is insufficient for system security. In this paper, we design an information flow integrity architecture called BIFI based on classical integrity model with trusted computing technology. Firstly, we define an extension to Biba integrity, called Biba-invoke, which has ameliorated the monotonic behavior of Biba. Secondly, in order to support our integrity model, modifications to the SELinux and kernel module of Linux is necessary. We prove that BIFI can protect information flow integrity with only a few changes to existing systems.

Keywords

Linux; data integrity; operating system kernels; security of data; Biba-invoke based information flow integrity measurement architecture; classical integrity model; information flow security; kernel module; security enhanced Linux module; trusted computing technology; Computer architecture; Computer science; Fluid flow measurement; Hardware; Information science; Information security; Linux; Protection; Software engineering; Software measurement; Biba-invoke integrity; Information flow; trusted computing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Software Engineering, 2008 International Conference on

Conference_Location

Wuhan, Hubei

Print_ISBN

978-0-7695-3336-0

Type

conf

DOI

10.1109/CSSE.2008.738

Filename

4722416