Formalizing Information Flow in a Haskell Hypervisor

Authors

  • Rebekah Leslie
  • Levent Erkök
  • Flemming Andersen
Abstract

Separation kernels are the holy grail of secure systems, remaining elusive despite years of research into their design, implementation, and analysis. Though separation kernel research has achieved many successes, the disconnect between information flow theory and system implementation is a significant barrier to further progress. In this paper, we show how a particular branch of information flow theory, noninterference, can be utilized to formulate correctness and security properties of a microkernel-style hypervisor. Thus, we not only provide a first step towards a formally verified separation kernel, but also reduce the gap between information flow theory and operating systems practice.


Similar sources

Design and Implementation of a Hypervisor-Based Platform for Dynamic Information Flow Tracking in a Distributed Environment


sHype: Secure Hypervisor Approach to Trusted Virtualized Systems

We present an operating system independent hypervisor security architecture and its application to control information flow between operating systems sharing a single hardware platform. New computing paradigms, such as Grid computing, On-demand services, or Web Services, increasingly depend on the security of the underlying computing infrastructure. A fundamental security problem today is that al...

Flexible Dynamic Information Flow Control in Haskell Extended Version

We describe a new, dynamic, floating-label approach to language-based information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO a...

Towards Running Parallel Programs on the Bare Metal via Virtualization

Decades of parallel computing practice have proven that highly parallel code runs efficiently only when it has uninterrupted access to the hardware. We report on a project whose goal is to support compiling Data Parallel Haskell code into bootable disk images. Our toolchain layers the Data Parallel Haskell runtime system on top of the GeekOS operating system and Newlib C library. We explain how...


Building inference algorithms from monad transformers

We show how to decompose popular inference algorithms into a set of simple, reusable building blocks corresponding to monad transformers. We define a collection of such building blocks and implement them in Haskell producing a library for constructing inference algorithms in a modular fashion. We are also working towards formalizing those concepts as monadic denotational semantics for inference...


Publication date: 2007