This paper presents a capability-based decentralized information flow control (DIFC) model and implements this model on a Barrelfish kernel. In this model, we use a uniform abstraction, capabilities, to describe the restriction rules and manipulate information labels. The structure of our model is concise and easy to implement on a real-world system. We have added several system calls in the Barrelfish kernel, including secure message passing, compartment allocation and capability transferring. The results show that the capability-based DIFC rules ensure the security and integrity of the system communication mechanism with a small amount of system overhead.
Sun, J., & Long, X. (2019). CapFlow: A capability-based DIFC system. In Advances in Intelligent Systems and Computing (Vol. 752, pp. 813–819). Springer Verlag. https://doi.org/10.1007/978-981-10-8944-2_94