RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Neil Vachharajani, Matthew J. Bridges, Jonathan Chang, Ram Rangan, Guilherme Ottoni, Jason A. Blome, George A. Reis, Manish Vachharajani, and David I. August
Proceedings of the 37th International Symposium on Microarchitecture (MICRO), December 2004.
Accept Rate: 18% (29/158).
Even as modern computing systems allow the manipulation and
distribution of massive amounts of information, users of these systems
are unable to manage the confidentiality of their data in a practical
fashion. Conventional access control security mechanisms cannot
prevent the illegitimate use of privileged data once access is
granted. For example, information provided by a user during an online
purchase may be covertly delivered to malicious third parties by an
untrustworthy web browser. Existing information flow security
mechanisms do provide this assurance, but only for
programmer-specified policies enforced during program development as a
static analysis on special-purpose type-safe languages. Not only are
these techniques not applicable to many commonly used programs, but
they leave the user with no defense against malicious programmers or
altered binaries.

In this paper, we propose RIFLE, a runtime information flow security
system designed from the user's perspective. By addressing
information flow security using architectural support, RIFLE gives
users a practical way to enforce their own information flow security
policy on all programs. We prove that, contrary to statements in the
literature, runtime systems like RIFLE are no less secure than
existing language-based techniques. Using a model of the
architectural framework and a binary translator, we demonstrate
RIFLE's correctness and illustrate that the performance cost is
reasonable.