Abstract :
Information flow security has been an important security requirement of existing operating systems, especially for distributed applications. We are interested in protecting information flow security with an eye to information flow integrity and trusted computing. Although people have studied these two aspects already, each alone is insufficient for system security. In this paper, we design an information flow integrity architecture called BIFI based on classical integrity model with trusted computing technology. Firstly, we define an extension to Biba integrity, called Biba-invoke, which has ameliorated the monotonic behavior of Biba. Secondly, in order to support our integrity model, modifications to the SELinux and kernel module of Linux is necessary. We prove that BIFI can protect information flow integrity with only a few changes to existing systems.
Keywords :
Linux; data integrity; operating system kernels; security of data; Biba-invoke based information flow integrity measurement architecture; classical integrity model; information flow security; kernel module; security enhanced Linux module; trusted computing technology; Computer architecture; Computer science; Fluid flow measurement; Hardware; Information science; Information security; Linux; Protection; Software engineering; Software measurement; Biba-invoke integrity; Information flow; trusted computing;
