Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory - Sorbonne Université
Communication Dans Un Congrès Année : 2017

Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

Résumé

Information flow control can be used at the Operating System level to enforce restrictions on the diffusion of security-sensitive data. In Linux, information flow trackers are often implemented as Linux Security Modules. They can fail to monitor some indirect flows when flows occur concurrently and affect the same containers of information. Furthermore, they are not able to monitor the flows due to file mappings in memory and shared memory between processes. We first present two attacks to evade state-of-the-art LSM-based trackers. We then describe an approach, formally proved with Coq to perform information flow tracking able to cope with concurrency and in-memory flows. We demonstrate its implementability and usefulness in Rfblare, a race condition-free version of the flow tracking done by KBlare.
Fichier principal
Vignette du fichier
sefm2017.pdf (501.39 Ko) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01535949 , version 1 (09-06-2017)

Identifiants

Citer

Laurent Georget, Mathieu Jaume, Guillaume Piolle, Frédéric Tronel, Valérie Viet Triem Tong. Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory. 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), Sep 2017, Trento, Italy. pp.1-16, ⟨10.1007/978-3-319-66197-1_1⟩. ⟨hal-01535949⟩
790 Consultations
522 Téléchargements

Altmetric

Partager

More