Securing the Web With Decentralized Information Flow Control

Channel:
Microsoft Research
Subscribers:
345,000
Published on ● Video Link: https://www.youtube.com/watch?v=EJb7rhRNwkU


Category:
Guide
Duration: 1:21:04
271 views
3

The recent successes of server-side applications (e.g. Google and Facebook applications) hint that tomorrow's computing platform might not be the local desktop but rather the extensible remote Web site. Unfortunately, these new server-side platforms, built on conventional operating systems, are committing the same security mistakes already ossified in today's insecure desktops. In this talk, I will discuss how to secure both today's Web sites and tomorrow's Web computing platforms with a new OS technique called Decentralized Information Flow Control (DIFC). A DIFC system tracks the flow of secret data as it is copied from file to file and communicated from process to process. In the end, the OS lets modules known as declassifiers legislate policies for secret data exiting to the network. DIFC provides better security than standard OSes because it allows developers to concentrate security-critical code in small, audit-friendly declassifiers, which remain small and contained even as the overall system balloons with new features. This talk presents DIFC, an implementation of DIFC for Linux, and a case study of a complex, popular open-source application (MoinMoin Wiki) secured with DIFC. MoinMoin is a prototype for more ambitious and general work to come, such as a novel Web-based application platform with encouraging security guarantees. --------- Joint work with: Micah Brodsky, Natan Cliffer, Petros Efstathopoulos, Cliff Frey, Eddie Kohler, David Mazieres, Robert Morris, Frans Kaashoek, Steve VanDeBogart, Mike Walfish, Alex Yip, David Ziegler



Other Videos By Microsoft Research


2016-09-06Optimal Marketing Strategies over Social Networks
2016-09-06Earth: The Sequel- The Race to Reinvent Energy and Stop Global Warming
2016-09-06Learning Rules for Textual Entailment
2016-09-06Dynamics of real networks: patterns and algorithms
2016-09-06Attribute-Based Security and Messaging
2016-09-06Statistical Spoken Language Generation of Stylistic Variation
2016-09-06The Quest for the Minimal Hardness Assumptions
2016-09-06Delimited and Composable Continuations in PLT Scheme
2016-09-06Critical Data Protection for Reliability and Security
2016-09-06Multi-view approaches for camera calibration and image-based modeling
2016-09-06Securing the Web With Decentralized Information Flow Control
2016-09-06Reconstruction and visualization of large photo collections
2016-09-06Media Computation: Introducing Computing Contextualized in Video and Audio Processing
2016-09-06MOSAIC: Unified Platform for Dynamic Overlay Selection and Composition
2016-09-06Computational Insights Into the Social Life of Zebras and Other Animals
2016-09-06Debugging Reinvented: Asking and Answering Why and Why Not Questions about Program Behavior [1/17]
2016-09-06CitySense: A Vision for an Urban-Scale Wireless Sensor Testbed
2016-09-06Why task-structure matters: The effects of task and social forces on software development
2016-09-06Robust Face Recognition via Sparse Representation
2016-09-06How to make Discretionary Access Control Resistant to Trojan Horses
2016-09-06Modeling Intention in Email: Speech Acts, Information Leaks and User Ranking Methods [1/2]


Tags:
microsoft research