Toward Secure Services from Untrusted Developers
We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt pr...
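Main Authors: | Brodsky, Micah Z. (Micah Zev); Efstathopoulos, Petros; Kaashoek, Frans; Kohler, Eddie; Krohn, Maxwell; Mazieres, David; Morris, Robert; VanDeBogart, Steve; Yip, Alexander |
---|---|
Other Authors: | Frans Kaashoek |
Published: | 2007 |
Subjects: | |
Online Access: | http://hdl.handle.net/1721.1/38453 |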
_version_ | 1826206210221670400 |
---|---|
author | Brodsky, Micah Z. (Micah Zev); Efstathopoulos, Petros; Kaashoek, Frans; Kohler, Eddie; Krohn, Maxwell; Mazieres, David; Morris, Robert; VanDeBogart, Steve; Yip, Alexander |
author2 | Frans Kaashoek |
author_facet | Frans Kaashoek; Brodsky, Micah Z. (Micah Zev); Efstathopoulos, Petros; Kaashoek, Frans; Kohler, Eddie; Krohn, Maxwell; Mazieres, David; Morris, Robert; VanDeBogart, Steve; Yip, Alexander |
author_sort | Brodsky, Micah Z. (Micah Zev) |
collection | MIT |
description | We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control. |
first_indexed | 2024-09-23T13:25:50Z |
id | mit-1721.1/38453 |
institution | Massachusetts Institute of Technology |
last_indexed | 2024-09-23T13:25:50Z |
publishDate | 2007 |
record_format | dspace |
spelling | mit-1721.1/38453 2019-04-10T15:17:35Z Toward Secure Services from Untrusted Developers Brodsky, Micah Z. (Micah Zev) Efstathopoulos, Petros Kaashoek, Frans Kohler, Eddie Krohn, Maxwell Mazieres, David Morris, Robert VanDeBogart, Steve Yip, Alexander Frans Kaashoek Parallel and Distributed Operating Systems decentralized information flow control operating systems security web services untrusted code debugging persistent storage We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control. 2007-08-06T15:21:49Z 2007-08-06T15:21:49Z 2007-08-06 MIT-CSAIL-TR-2007-041 http://hdl.handle.net/1721.1/38453 Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory 20 p. application/pdf application/postscript |
title | Toward Secure Services from Untrusted Developers |
topic | decentralized information flow control operating systems security web services untrusted code debugging persistent storage |
url | http://hdl.handle.net/1721.1/38453 |