SimpleFlow

A simple information-flow-based security module for Linux

Overview

SimpleFlow implements a very simple view of information flow within the Linux kernel. (We do not claim to approach the sophistication of IX, HiStar, etc.) We have found the design of SimpleFlow useful in education and certain computer-security competitions, and we are also interested in the use of SimpleFlow to study post-compromise exfiltration and insider threats.

Under SimpleFlow, the system administrator designates some filesystem objects as confidential and some programs as trusted (SimpleFlow stores both using extended attributes). Any process not loaded from a trusted program will become tainted upon reading a confidential object. The kernel transfers this taint status from process to process as a result of inter-process communication (e.g., an untainted process reads from a tainted process over an IPC channel). If a tainted process writes to the network, the kernel sets the packet's RFC 3514 evil bit; this allows for a variety of filtering or spoofing strategies which might help determine the intention of the principal who read the confidential data in the first place.
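The rules in the paragraph above, modelled in user space as an added example (this is not SimpleFlow's kernel code). The process names, the addresses and the zeroed checksum are constructed for illustration, and the handling of a trusted reader over IPC is an assumption.

```python
import struct
from dataclasses import dataclass

# RFC 3514: the evil bit is the high-order bit of the 16-bit
# flags/fragment-offset field at byte offset 6 of the IPv4 header.
EVIL_BIT = 0x8000

@dataclass
class Process:
    name: str
    trusted: bool = False  # loaded from a program carrying the trusted attribute
    tainted: bool = False

def read_file(proc, confidential):
    """A process not loaded from a trusted program is tainted by a confidential read."""
    if confidential and not proc.trusted:
        proc.tainted = True

def ipc_read(reader, writer):
    """Taint moves with the data when a process reads from a tainted process.
    Assumption: the page does not say how a trusted reader is treated here,
    so this model does not exempt it."""
    if writer.tainted:
        reader.tainted = True

def ipv4_header(proc, src, dst, payload_len=0):
    """Build a 20-byte IPv4 header (checksum left at 0); mark it if the sender is tainted."""
    flags_frag = EVIL_BIT if proc.tainted else 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                       flags_frag, 64, 6, 0, src, dst)

def is_evil(packet):
    """Filter side: report whether raw IPv4 bytes carry the evil bit."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    return bool(flags_frag & EVIL_BIT)

def demo():
    editor, helper = Process("editor"), Process("helper")
    backup = Process("backup", trusted=True)
    read_file(editor, confidential=True)   # untrusted reader becomes tainted
    read_file(backup, confidential=True)   # trusted program stays clean
    ipc_read(helper, editor)               # taint propagates over IPC
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])  # constructed addresses
    return {p.name: is_evil(ipv4_header(p, src, dst)) for p in (editor, backup, helper)}

if __name__ == "__main__":
    print(demo())
```

A filter at the network edge only needs the check in is_evil; the other flag bits (DF, MF) sit beside the evil bit in the same field and must be masked out rather than compared as a whole.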

SimpleFlow Virtual Machine

SimpleFlowDemo-0.3-linux-3.10.0.ova provides in OVA format a virtual machine which contains a SimpleFlow kernel along with a CentOS 7 installation. Some useful SimpleFlow-related commands include:

setfattr -n security.simple-flow.confidential -v true PATH
Set the confidential flag on the file at PATH.
setfattr -x security.simple-flow.confidential PATH
Remove the confidential flag from the file at PATH.
setfattr -n security.simple-flow.trusted -v true PATH
Set the trusted flag on the program at PATH.
setfattr -x security.simple-flow.trusted PATH
Remove the trusted flag from the program at PATH.
ps auxZ
Enumerate the running processes, including whether they are tainted.
echo 1 > /proc/PID/attr/current
Taint the process matching PID.
echo 0 > /proc/PID/attr/current
Untaint the process matching PID.
dmesg -w
Watch SimpleFlow (and other kernel) events.

Papers

 
T.J. O'Connor, William Enck, W. Michael Petullo, and Akash Verma. PivotWall: SDN-based information flow control. In Proceedings of the Symposium on SDN Research, SOSR '18, New York, NY, USA, March 2018. ACM.

Matt Shockley, Chris Maixner, Ryan Johnson, Mitch DeRidder, and W. Michael Petullo. Using VisorFlow to control information flow without modifying the operating system kernel or its userspace. In Proceedings of the 9th ACM CCS International Workshop on Managing Insider Security Threats, MIST '17, New York, NY, USA, October 2017. ACM.

Ryan Johnson, Jessie Lass, and W. Michael Petullo. Studying naïve users and the insider threat with SimpleFlow. In Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST '16, pages 35–46, New York, NY, USA, October 2016. ACM.

W. Michael Petullo, Kyle Moses, Ben Klimkowski, Ryan Hand, and Karl Olson. The use of cyber-defense exercises in undergraduate computing education. In Proceedings of the 2016 USENIX Workshop on Advances in Security Education, ASE '16, Washington, DC, USA, August 2016. USENIX Association.

Leo St. Amour and W. Michael Petullo. Improving application security through TLS-library redesign. In Peter Schwabe, Jon Solworth, and Rajat Subhra, editors, Proceedings of the Fifth International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, October 2015. (30% acceptance rate).

W. Michael Petullo and Joseph Suh. On the generality and convenience of Etypes. In Proceedings of the 2015 IEEE Security and Privacy Workshops, New York, NY, USA, May 2015. IEEE.

Kyle V. Moses and W. Michael Petullo. Teaching computer security. In Proceedings of the ASEE Middle Atlantic Section Meeting, ASEE MidAtlantic '14, Washington, DC, USA, November 2014. ASEE.

W. Michael Petullo, Jon A. Solworth, Wenyuan Fei, and Pat Gavlin. Ethos' deeply integrated distributed types. In Proceedings of the 2014 IEEE Security and Privacy Workshops, New York, NY, USA, May 2014. IEEE.

W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, and Tanja Lange. MinimaLT: Minimal-latency networking through better security. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, New York, NY, USA, November 2013. ACM. (20% acceptance rate).

W. Michael Petullo and Jon A. Solworth. Simple-to-use, secure-by-design networking in Ethos. In Proceedings of the 6th European Workshop on System Security, EUROSEC '13, New York, NY, USA, April 2013. ACM. (30% acceptance rate).

W. Michael Petullo and Jon A. Solworth. The lazy kernel hacker and application programmer. Presentation at the 3rd ACM workshop on Runtime Environments, Systems, Layering and Virtualized Environments, March 2013.

W. Michael Petullo and Jon A. Solworth. Simple-to-use, secure-by-design networking in Ethos. Presentation at the 3rd ACM workshop on Runtime Environments, Systems, Layering and Virtualized Environments, March 2013.

W. Michael Petullo and Jon A. Solworth. Digital identity security architecture in Ethos. In Proceedings of the 7th ACM workshop on Digital Identity Management, DIM '11, pages 23–30, New York, NY, USA, October 2011. ACM. (45% acceptance rate).

W. Michael Petullo and Jon A. Solworth. Rethinking operating system interfaces to support robust applications. Poster Session of the 2012 IEEE Symposium on Security and Privacy, May 2012.

W. Michael Petullo and Jon A. Solworth. The Ethos project: Security through simplification. Poster Session of the 2012 USENIX Symposium on Operating Systems Design and Implementation, October 2012.

W. Michael Petullo. Let's help Johnny write robust applications, 2012. Invited talk, December 3, University of Wisconsin–Madison.

W. Michael Petullo. Rethinking Operating System Interfaces to Support Robust Network Applications. PhD thesis, University of Illinois at Chicago, Chicago, IL, USA, May 2013.

W. Michael Petullo. Building custom firmware with OpenWrt. Linux Journal, 2010(196):56–61, August 2010. Belltown Media.

W. Michael Petullo. Implementing encrypted home directories. Linux Journal, 2003(112), August 2003. Belltown Media.

W. Michael Petullo. Encrypt your root filesystem. Linux Journal, 2005(129), January 2005. Belltown Media.

W. Michael Petullo. Developing GNOME applications with Java. Linux Journal, 2005(135):72–78, July 2005. Belltown Media.

W. Michael Petullo. Amateur video production using free software and Linux. Linux Journal, May 2002. Belltown Media.

W. Michael Petullo. Open source telephony: a Fedora-based VoIP server with Asterisk. Red Hat Magazine, July 2008.

W. Michael Petullo. From camera to website: Building an open source video streamer. Red Hat Magazine, April 2008.

W. Michael Petullo. Serving Apples: Integrating Mac OS X clients into a Fedora network. Red Hat Magazine, January 2008.

W. Michael Petullo. Disk encryption in Fedora: Past, present and future. Red Hat Magazine, January 2007.

W. Michael Petullo. Adding encryption support to HAL: A user's experience with Fedora development. Red Hat Magazine, October 2005.