Toward Secure Services from Untrusted Developers

Abstract: We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control.

Bibliographic Details
Main Authors: Brodsky, Micah Z. (Micah Zev), Efstathopoulos, Petros, Kaashoek, Frans, Kohler, Eddie, Krohn, Maxwell, Mazieres, David, Morris, Robert, VanDeBogart, Steve, Yip, Alexander
Other Authors: Frans Kaashoek
Published: 2007
Publisher: Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
Report Number: MIT-CSAIL-TR-2007-041
Extent: 20 p.
Subjects: decentralized information flow control; operating systems; security; web services; untrusted code; debugging; persistent storage
Online Access: http://hdl.handle.net/1721.1/38453