Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

  • Laurent GeorgetEmail author
  • Mathieu Jaume
  • Guillaume Piolle
  • Frédéric Tronel
  • Valérie Viet Triem Tong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10469)


Information flow control can be used at the Operating System level to enforce restrictions on the diffusion of security-sensitive data. In Linux, information flow trackers are often implemented as Linux Security Modules. They can fail to monitor some indirect flows when flows occur concurrently and affect the same containers of information. Furthermore, they are not able to monitor the flows due to file mappings in memory and shared memory between processes. We first present two attacks to evade state-of-the-art LSM-based trackers. We then describe an approach, formally proved with Coq [12] to perform information flow tracking able to cope with concurrency and in-memory flows. We demonstrate its implementability and usefulness in Rfblare, a race condition-free version of the flow tracking done by KBlare [4].


Information flow tracking Linux LSM 


  1. 1.
    Cristiá, M., Mata, P.E.: Runtime enforcement of noninterference by duplicating processes and their memories. In: Workshop de Seguridad Informática WSEGI, vol. 2009 (2009)Google Scholar
  2. 2.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Georget, L., Jaume, M., Piolle, G., Tronel, F., Viet Triem Tong, V.: Verifying the reliability of operating system-level information flow control systems in Linux. In: FormaliSE: FME Workshop on Formal Methods in Software Engineering. IEEE, Buenos Aires, May 2017Google Scholar
  4. 4.
    Hauser, C.: Détection d’intrusion dans les systémes distribués par propagation de teinte au niveau noyau. Ph.D. thesis, University of Rennes 1, France., June 2013Google Scholar
  5. 5.
    Jaume, M., Andriatsimandefitra, R., Tong, V.V.T., Mé, L.: Secure states versus secure executions. In: Bagchi, A., Ray, I. (eds.) ICISS 2013. LNCS, vol. 8303, pp. 148–162. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-45204-8_11CrossRefGoogle Scholar
  6. 6.
    Krohn, M., Tromer, E.: Noninterference for a practical DIFC-based operating system. In: IEEE Symposium on Security and Privacy, pp. 61–76. IEEE Computer Society, Washington, DC (2009)Google Scholar
  7. 7.
    Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M.F., Kohler, E., Morris, R.: Information flow control for standard OS abstractions. In: ACM SIGOPS Symposium on Operating Systems Principles, pp. 321–334. ACM, Stevenson, October 2007Google Scholar
  8. 8.
    Nadkarni, A., Andow, B., Enck, W., Jha, S.: Practical DIFC enforcement on Android. In: 25th USENIX Security Symposium, USENIX Security 2016, pp. 1119–1136. USENIX Association, Austin, August 2016Google Scholar
  9. 9.
    Porter, D.E., Bond, M.D., Roy, I., Mckinley, K.S., Witchel, E.: Practical fine-grained information flow control using laminar. ACM Trans. Program. Lang. Syst. 37(1), 1–51 (2014)CrossRefGoogle Scholar
  10. 10.
    Roy, I., Porter, D.: Laminar, August 2014.
  11. 11.
    Roy, I., Porter, D.E., Bond, M.D., McKinley, K.S., Witchel, E.: Laminar: practical fine-grained decentralized information flow control. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 63–74. ACM, Dublin, June 2009Google Scholar
  12. 12.
    The Coq Development Team: The Coq Proof Assistant Reference Manual. Technical report, Inria, December 2016Google Scholar
  13. 13.
    VanDeBogart, S., Efstathopoulos, P., Kohler, E., Krohn, M., Frey, C., Ziegler, D., Kaashoek, F., Morris, R., Maziéres, D.: Labels and event processes in the asbestos operating system. ACM Trans. Comput. Syst. 25(4), December 2007. Article No. 11.
  14. 14.
    Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux security modules: general security support for the Linux kernel. In: USENIX Security Symposium, pp. 17–31. USENIX Association, San Francisco (2002)Google Scholar
  15. 15.
    Zimmermann, J., Mé, L., Bidan, C.: Experimenting with a policy-based HIDS based on an information flow control model. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2003Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Laurent Georget
    • 1
    Email author
  • Mathieu Jaume
    • 2
  • Guillaume Piolle
    • 1
  • Frédéric Tronel
    • 1
  • Valérie Viet Triem Tong
    • 1
  1. 1.EPC CIDRE CentraleSupelec/Inria/CNRS/Université de Rennes 1RennesFrance
  2. 2.Sorbonne Universités, UPMC, CNRS, LIP6 UMR 7606ParisFrance

Personalised recommendations