CT-T: A Clean-Slate Infrastructure for Information Flow Control
Stanford University, Stanford CA
Abstract
Experience shows that most programmers cannot write secure code. Few applications have the luxury of being written by security-conscious programmers, and thus the vast majority of all software is untrustworthy. At the same time, operating systems and networks have spectacularly failed to control the damage caused by subverted software. However, one technique, information flow control, has proven capable of limiting the damage done by buggy and even malicious software. The military has long used this technique to protect sensitive data against Trojan horses, but retrofitting existing operating systems with information flow control is a lengthy and difficult process, often unable to keep pace with the evolution of commodity software. We intend to develop a clean-slate infrastructure for distributed applications in which the lowest-level abstractions are specifically designed to control information flow. We will rethink the architecture of operating systems, networks, and even processors to realize an infrastructure that relies on a small, highly secure, and, at least in part, mechanically checkable trusted computing base. On top of this base, we will implement interfaces that resemble the network programming APIs to which Unix programmers are accustomed. Our infrastructure will aim to give programmers as much freedom as possible to structure their applications, subject only to information flow constraints. Our motivating application will be scalable Internet web sites replicated across multiple servers.
View original record on NSF Award Search →