Collaborative Research: CT-T: Flexible, Decentralized Information-flow Control for Dynamic Environments

Award #: 0524132
Amount Awarded: $234,585
Sponsoring Organization: NSF (CCF)
Grant Period: 2005-2008
Primary Investigator(s): Patrick McDaniel

Abstract

Protecting confidential information in dynamic, distributed environments whose participants have heterogeneous trust relationships is an important and difficult challenge. A central problem is how to consistently enforce security constraints in a practical manner as both the policies and the systems themselves evolve over time. Without care, inconsistently-viewed updates to policy could allow a principal to perform actions that only an old, since-revoked policy granted, or worse, could allow a principal to release information or perform actions authorized by neither the old nor the new policy, but only by an illegal combination of the two.

The objective of the proposed research is to develop, implement, and evaluate security infrastructure that provides strong end-to-end security guarantees in dynamic environments where policy can change. The researchers will explore a novel synthesis of the state of the art in security-typed programming languages for governing information flow; analysis for uncovering dependencies between principals, programs, and policies; and distributed protocols for coordinating policy updates. To motivate and validate the design decisions, this infrastructure will be incorporated into the programming language Cyclone, a type-safe variant of C, and used to build and evaluate a distributed file system.
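The "illegal combination" failure mode named in the first paragraph of the abstract is easy to reproduce once two enforcement points hold different versions of the same policy. The following is an added illustration, not code from this project or from Cyclone: the principals (alice, bob, carol), the two policy versions, and the version-tagging check are all constructed for the example. Each hop of a flow is checked by the sending principal against its own view of the policy; when alice still holds version 1 and bob has already moved to version 2, the chain alice to bob to carol passes every local check even though neither version, applied on its own, permits it. Tagging a release with the policy version it was made under and refusing to forward under a different version closes that gap.

```python
"""Constructed illustration of inconsistently-viewed policy updates (not the
project's code). Principal names, policy contents and the version-tagging
rule are assumptions made for this example."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Flow = Tuple[str, str]  # (source principal, destination principal)


@dataclass(frozen=True)
class Policy:
    version: int
    flows: FrozenSet[Flow]  # the flows this version authorizes

    def allows(self, src: str, dst: str) -> bool:
        return (src, dst) in self.flows


# Constructed policy history: v2 revokes alice->bob and newly grants bob->carol;
# v3 is a later version that grants both hops.
POLICY_V1 = Policy(1, frozenset({("alice", "bob")}))
POLICY_V2 = Policy(2, frozenset({("bob", "carol")}))
POLICY_V3 = Policy(3, frozenset({("alice", "bob"), ("bob", "carol")}))


def hops(path: List[str]) -> List[Flow]:
    """Split a forwarding path [a, b, c] into its hops [(a, b), (b, c)]."""
    return list(zip(path, path[1:]))


def chain_allowed_under(policy: Policy, path: List[str]) -> bool:
    """True iff one policy version, applied consistently, authorizes every hop."""
    return all(policy.allows(s, d) for s, d in hops(path))


def naive_forward(path: List[str], views: Dict[str, Policy]) -> bool:
    """Each sender checks its hop against its OWN view of the policy, with no
    check that the views along the path agree. This is the inconsistent case
    the abstract warns about."""
    return all(views[s].allows(s, d) for s, d in hops(path))


def versioned_forward(path: List[str], views: Dict[str, Policy]) -> bool:
    """Assumed mitigation: the first sender tags the release with its policy
    version, and every later forwarder refuses unless its own view carries the
    same version. A stale or newer view fails closed instead of mixing policies."""
    release_version = None
    for s, d in hops(path):
        view = views[s]
        if release_version is None:
            release_version = view.version  # tag attached at release time
        elif view.version != release_version:
            return False  # version mismatch along the path: refuse to forward
        if not view.allows(s, d):
            return False
    return True


def demo() -> Dict[str, bool]:
    path = ["alice", "bob", "carol"]
    skewed = {"alice": POLICY_V1, "bob": POLICY_V2}  # alice has not seen v2 yet
    consistent = {"alice": POLICY_V3, "bob": POLICY_V3}
    return {
        "naive_skewed": naive_forward(path, skewed),            # True: illegal combination
        "allowed_by_v1": chain_allowed_under(POLICY_V1, path),  # False
        "allowed_by_v2": chain_allowed_under(POLICY_V2, path),  # False
        "versioned_skewed": versioned_forward(path, skewed),    # False: mismatch caught
        "versioned_consistent": versioned_forward(path, consistent),  # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The version tag is the simplest form of the coordination the abstract calls for; a real system must also decide what a forwarder does with data released under a version it has not yet seen, which is exactly the distributed-update question the proposed protocols are meant to answer.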

Related Research Projects

Secure Languages

Related Publications

Boniface Hicks, Timothy Misiak, and Patrick McDaniel, Channels: Runtime System Infrastructure for Security-typed Languages. 23rd Annual Computer Security Applications Conference (ACSAC), December 2007.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Proceedings of the USENIX Annual Technical Conference, June 2007.

Boniface Hicks, Dave King, and Patrick McDaniel, Jifclipse: Development Tools for Security-Typed Applications. Proceedings of the 2nd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '07), ACM Press, June 14 2007. Editor: Michael Hicks.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Integrating SELinux with Security-typed Languages. Third Annual Security Enhanced Linux Symposium, March 2007.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Technical Report NAS-TR-0061-2007, Network and Security Research Center, January 2007.

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, Understanding Practical Application Development in Security-typed Languages. 22nd Annual Computer Security Applications Conference (ACSAC), December 2006.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Breaking Down the Walls of Mutual Distrust: Security-typed Email Using Labeled IPsec. Technical Report NAS-TR-0049-2006, Network and Security Research Center, September 2006.

Boniface Hicks, Dave King, Patrick McDaniel, and Michael Hicks, Trusted Declassification: High-level policy for a security-typed language. Proceedings of the 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '06), ACM Press, June 10 2006.

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, From Languages to Systems: Understanding Practical Application Development in Security-typed Languages. Technical Report NAS-TR-0035-2006, Network and Security Research Center, April 2006.

Boniface Hicks, Dave King, and Patrick McDaniel, Declassification with Cryptographic Functions in a Security-Typed Language. Technical Report NAS-TR-0004-2005, Network and Security Research Center, January 2005 (updated May 2005).