Using VisorFlow to Control Information Flow Without Modifying the Operating System Kernel or Its Userspace
Title | Using VisorFlow to Control Information Flow Without Modifying the Operating System Kernel or Its Userspace |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Shockley, Matt, Maixner, Chris, Johnson, Ryan, DeRidder, Mitch, Petullo, W. Michael |
Conference Name | Proceedings of the 2017 International Workshop on Managing Insider Security Threats |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5177-5 |
Keywords | composability, Information Flow Control, Metrics, pubcrawl, resilience, Resiliency, security, virtual-machine introspection, Windows operating system |
Abstract | VisorFlow aims to monitor the flow of information between processes without requiring modifications to the operating system kernel or its userspace. VisorFlow runs in a privileged Xen domain and monitors the system calls executing in other domains running either Linux or Windows. VisorFlow uses its observations to prevent confidential information from leaving a local network. We describe the design and implementation of VisorFlow, describe how we used VisorFlow to confine naïve users and malicious insiders during the 2017 Cyber-Defense Exercise, and provide performance measurements. We have released VisorFlow and its companion library, libguestrace, as open-source software. |
URL | https://dl.acm.org/citation.cfm?doid=3139923.3139924 |
DOI | 10.1145/3139923.3139924 |
Citation Key | shockley_using_2017 |