Abstract

Information-flow control (IFC) encompasses several practical end-to-end security requirements, including confidentiality and integrity, and is widely regarded as a uniform approach to building secure systems. The file system is an important component of any secure system, as it is the most widely used channel for information sharing among applications. In this paper, we present the design and implementation of a secure file system for a Linux OS based on the Readers-Writers Flow Model (RWFM). The secure file system imposes the requisite access controls at the granularity of operating system processes and controls information flow via the file-system objects. That the system indeed prevents misuse of indirect information flow is demonstrated by encoding practical security policies such as the standard Linux access controls, RBAC, and the Chinese wall. One distinct characteristic of the approach is that it satisfies the property of labeled security protection as envisaged in the Trusted Computer System Evaluation Criteria, perhaps the first to do so on a full file system of a widely used OS. Another distinct advantage of our system is that it requires (i) minimal effort from the end user to specify the initial policy, and (ii) no additional effort from the programmer's perspective. The current implementation is illustrated through examples and compared with other file-system efforts and related work from the literature.
