RIFLE: An architectural framework for user-centric information-flow security

Neil Vachharajani, Matthew J. Bridges, Jonathan Chang, Ram Rangan, Guilherme Ottoni, Jason A. Blome, George A. Reis, Manish Vachharajani, David I. August

Research output: Contribution to journalConference article

141 Scopus citations

Abstract

Even as modern computing systems allow the manipulation and distribution of massive amounts of information, users of these systems are unable to manage the confidentiality of their data in a practical fashion. Conventional access control security mechanisms cannot prevent the illegitimate use of privileged data once access is granted. For example, information provided by a user during an online purchase may be covertly delivered to malicious third parties by an untrustworthy web browser. Existing information-flow security mechanisms do provide this assurance, but only for programmer-specified policies enforced during program development as a static analysis on special-purpose type-safe languages. Not only are these techniques not applicable to many commonly used programs, but they leave the user with no defense against malicious programmers or altered binaries. In this paper, we propose RIFLE, a runtime information-flow security system designed from the user's perspective. By addressing information-flow security using architectural support, RIFLE gives users a practical way to enforce their own information-flow security policy on all programs. We prove that, contrary to statements in the literature, run-time systems like RIFLE are no less secure than existing language-based techniques. Using a model of the architectural framework and a binary translator, we demonstrate RIFLE's correctness and illustrate that the performance cost is reasonable.

Original languageEnglish (US)
Pages (from-to)243-254
Number of pages12
JournalProceedings of the Annual International Symposium on Microarchitecture, MICRO
StatePublished - Dec 1 2004
Event37th International Symposium on Microarchitecture - MICRO-37 2004 - Portland, OR, United States
Duration: Dec 4 2004Dec 8 2004

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Fingerprint Dive into the research topics of 'RIFLE: An architectural framework for user-centric information-flow security'. Together they form a unique fingerprint.

  • Cite this

    Vachharajani, N., Bridges, M. J., Chang, J., Rangan, R., Ottoni, G., Blome, J. A., Reis, G. A., Vachharajani, M., & August, D. I. (2004). RIFLE: An architectural framework for user-centric information-flow security. Proceedings of the Annual International Symposium on Microarchitecture, MICRO, 243-254.