Information Flow Control for Distributed Trusted Execution Environments

Gollamudi, Anitha; Chong, Stephen; Arden, Owen

doi:10.1109/csf.2019.00028

Cited by 12 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike DAC models, which primarily focus on access control within applications, IFT ensures dynamic control over data flow based on predefined security labels [36]. One more option that adds value is IFT's ability to make consumers' data be limitedly labeled [37].…”

Section: Information Flow Tracking (Ift)mentioning

confidence: 99%

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Alqahtani,

Almutairi,

Sheldon

2024

Future Internet

View full text Add to dashboard Cite

This study provides a comprehensive review and comparative analysis of existing Information Flow Tracking (IFT) tools which underscores the imperative for mitigating data leakage in complex cloud systems. Traditional methods impose significant overhead on Cloud Service Providers (CSPs) and management activities, prompting the exploration of alternatives such as IFT. By augmenting consumer data subsets with security tags and deploying a network of monitors, IFT facilitates the detection and prevention of data leaks among cloud tenants. The research here has focused on preventing misuse, such as the exfiltration and/or extrusion of sensitive data in the cloud as well as the role of anonymization. The CloudMonitor framework was envisioned and developed to study and design mechanisms for transparent and efficient IFT (eIFT). The framework enables the experimentation, analysis, and validation of innovative methods for providing greater control to cloud service consumers (CSCs) over their data. Moreover, eIFT enables enhanced visibility to assess data conveyances by third-party services toward avoiding security risks (e.g., data exfiltration). Our implementation and validation of the framework uses both a centralized and dynamic IFT approach to achieve these goals. We measured the balance between dynamism and granularity of the data being tracked versus efficiency. To establish a security and performance baseline for better defense in depth, this work focuses primarily on unique Dynamic IFT tracking capabilities using e.g., Infrastructure as a Service (IaaS). Consumers and service providers can negotiate specific security enforcement standards using our framework. Thus, this study orchestrates and assesses, using a series of real-world experiments, how distinct monitoring capabilities combine to provide a comparatively higher level of security. Input/output performance was evaluated for execution time and resource utilization using several experiments. The results show that the performance is unaffected by the magnitude of the input/output data that is tracked. In other words, as the volume of data increases, we notice that the execution time grows linearly. However, this increase occurs at a rate that is notably slower than what would be anticipated in a strictly proportional relationship. The system achieves an average CPU and memory consumption overhead profile of 8% and 37% while completing less than one second for all of the validation test runs. The results establish a performance efficiency baseline for a better measure and understanding of the cost of preserving confidentiality, integrity, and availability (CIA) for cloud Consumers and Providers (C&P). Consumers can scrutinize the benefits (i.e., security) and tradeoffs (memory usage, bandwidth, CPU usage, and throughput) and the cost of ensuring CIA can be established, monitored, and controlled. This work provides the primary use-cases, formula for enforcing the rules of data isolation, data tracking policy framework, and the basis for managing confidential data flow and data leak prevention using the CloudMonitor framework.

show abstract

Section: Information Flow Tracking (Ift)mentioning

confidence: 99%

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Alqahtani,

Almutairi,

Sheldon

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…By contrast, our approach enforces robustness for a mainstream language like Java. Recent work by Gollamudi et al [42] uses enclaves to enforce more expressive confidentiality and integrity against passive attackers in a distributed setting. Like us, both works come with soundness proofs of security, with the key difference that our work targets robustness instead of variants of noninterference.…”

Section: Related Workmentioning

confidence: 99%

Language Support for Secure Software Development with Enclaves

Oak

Ahmadian

Balliu

et al. 2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Confidential computing is a promising technology for securing code and data-in-use on untrusted host machines, e.g., the cloud. Many hardware vendors offer different implementations of Trusted Execution Environments (TEEs). A TEE is a hardware protected execution environment that allows performing confidential computations over sensitive data on untrusted hosts. Despite the appeal of achieving strong security guarantees against low-level attackers, two challenges hinder the adoption of TEEs. First, developing software in high-level managed languages, e.g., Java or Scala, taking advantage of existing TEEs is complex and error-prone. Second, partitioning an application into components that run inside and outside a TEE may break application-level security policies, resulting in an insecure application when facing a realistic attacker.In this work, we study both these challenges. We present JE, a programming model that seamlessly integrates a TEE, abstracting away low-level programming details such as initialization and loading of data into the TEE. JE only requires developers to add annotations to their programs to enable the execution within the TEE. Drawing on information flow control, we develop a security type system that checks confidentiality and integrity policies against realistic attackers with full control over the code running outside the TEE. We formalize the security type system for the JE core and prove it sound for a semantic characterization of security. We implement JE and the security type system, enable Java programs to run on Intel SGX with strong security guarantees. We evaluate our approach on use cases from the literature, including a battleship game, a secure event processing system, and a popular processing framework for big data, showing that we correctly handle complex cases of partitioning, information flow, declassification, and trust.

show abstract

“…Enclaves and information flow control: Gollamudi et al [20] consider information flow control for enclave applications focusing on erasure policies. DFLATE [27] presents noninterference guarantees in distributed TEEs settings. In contrast to these works, J E provides robustness guarantees against stronger active attackers.…”

Section: Related Workmentioning

confidence: 99%

Enclave-Based Secure Programming with J_E

Oak

Ahmadian

Balliu

et al. 2021

2021 IEEE Secure Development Conference (SecDev)

View full text Add to dashboard Cite

Over the past few years, major hardware vendors have started offering processors that support Trusted Execution Environments (TEEs) allowing confidential computations over sensitive data on untrusted hosts. Unfortunately, developing applications that use TEEs remains challenging. Current solutions require using low-level languages (e.g., C/C++) to handle the TEE management process manually -a complex and error-prone task. Worse, the separation of the application into components that run inside and outside the TEE may lead to information leaks. In summary, TEEs are a powerful means to design secure applications, but there is still a long way to building secure software with TEEs alone.In this work, we present JE, a programming model for developing TEE-enabled applications where developers only need to annotate Java programs to define application-level security policies and run them securely inside enclaves.

show abstract

Information Flow Control for Distributed Trusted Execution Environments

Cited by 12 publications

References 34 publications

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Language Support for Secure Software Development with Enclaves

Enclave-Based Secure Programming with J_E

Contact Info

Product

Resources

About

Information Flow Control for Distributed Trusted Execution Environments

Cited by 12 publications

References 34 publications

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Language Support for Secure Software Development with Enclaves

Enclave-Based Secure Programming with JE

Contact Info

Product

Resources

About

Enclave-Based Secure Programming with J_E