We have implemented a fully information-flow-secure Linux that is usable with minimal overhead and without loss of existing functionality. Towards that goal, we present the design, implementation, and evaluation of an information-flow-secure Linux operating system, “SPLinux”, which enforces complete mediation. Our approach first derives a labeled system (with initial inputs from the user in the form of the Linux DAC policy, which any Linux deployment needs anyway) and thereafter manages the labels automatically, without user intervention. It realizes complete mediation by intercepting system calls and enforces the information flow control (IFC) policy by implementing the decentralized readers-writers flow model (RWFM), which supports robust declassification.
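To make the label management described above concrete, the following is an added example (mine, not SPLinux code) that simulates an RWFM reference monitor in Python. It derives object labels from Unix (owner, group, mode) bits the way the text describes bootstrapping the labeled system, tracks subject labels across read and write system calls, and refuses the indirect leak that a trojan horse relies on. The read, write and declassification rules encoded here are the published RWFM rules as I recall them (an assumption to check against the paper); the principals, groups, files and scenario are constructed for the illustration, and root and setuid are ignored.

```python
# Added illustration, not SPLinux's code: an RWFM reference monitor simulated in
# Python. Object labels are derived from DAC (owner, group, mode) as the text
# describes; principals, groups and files are constructed for the example. The
# read/write/declassify rules are the published RWFM rules as I recall them
# (assumption); root and setuid are ignored.
from dataclasses import dataclass

PRINCIPALS = frozenset({"alice", "bob", "carol"})
GROUPS = {"alice": {"staff"}, "bob": {"staff"}}

@dataclass(frozen=True)
class Label:
    owner: str
    readers: frozenset  # who may learn the content
    writers: frozenset  # who has influenced the content

class FlowViolation(Exception):
    """The RWFM check denied an operation that DAC alone might permit."""

def label_from_dac(owner, group, mode):
    def perm(p):  # rwx triple that applies to principal p
        if p == owner:
            return (mode >> 6) & 7
        return (mode >> 3) & 7 if group in GROUPS.get(p, ()) else mode & 7
    return Label(owner, frozenset(p for p in PRINCIPALS if perm(p) & 4),
                 frozenset(p for p in PRINCIPALS if perm(p) & 2))

class Monitor:
    def __init__(self, files):
        self.files, self.procs, self._next_pid = dict(files), {}, 100

    def spawn(self, user):
        # Fresh subject has read nothing: anyone may read from it, only `user` wrote to it.
        pid, self._next_pid = self._next_pid, self._next_pid + 1
        self.procs[pid] = Label(user, PRINCIPALS, frozenset({user}))
        return pid

    def read(self, pid, path):
        s, o = self.procs[pid], self.files[path]
        if s.owner not in o.readers:
            raise FlowViolation(f"{s.owner} may not read {path}")
        # The subject now carries what it saw: its readers shrink, its writers grow.
        self.procs[pid] = Label(s.owner, s.readers & o.readers, s.writers | o.writers)

    def write(self, pid, path):
        s, o = self.procs[pid], self.files[path]
        if s.owner not in o.writers:  # the only check plain DAC makes
            raise FlowViolation(f"{s.owner} may not write {path}")
        # Every reader of the object must be cleared for what the subject knows, and every
        # influence on the subject must be an allowed writer of the object: no indirect leaks.
        if not (o.readers <= s.readers and s.writers <= o.writers):
            raise FlowViolation(f"write to {path} would leak to {set(o.readers - s.readers)}")

    def declassify(self, pid, path, new_readers):
        s, o, new = self.procs[pid], self.files[path], frozenset(new_readers)
        if s.owner != o.owner or not o.readers <= new:
            raise FlowViolation("only the owner may declassify, and only by adding readers")
        # Robustness: unless the owner is the sole writer, each added reader must already
        # be a writer, i.e. must already have influenced the content it is being shown.
        if o.writers != frozenset({o.owner}) and not (new - o.readers) <= o.writers:
            raise FlowViolation(f"{set(new - o.readers)} did not all write {path}")
        self.files[path] = Label(o.owner, new, o.writers)

def denied(op, *args):
    try:
        op(*args)
        return False
    except FlowViolation:
        return True

def build_system():
    return Monitor({
        "/home/alice/secret": label_from_dac("alice", "alice", 0o600),  # alice only
        "/home/alice/notes":  label_from_dac("alice", "staff", 0o620),  # bob may write, not read
        "/tmp/dropbox":       label_from_dac("bob",   "bob",   0o666),  # world readable/writable
    })

def trojan_demo():
    """Trojan running as alice reads her secret, then copies it to /tmp: (DAC allows, RWFM allows)."""
    m = build_system()
    pid = m.spawn("alice")
    m.read(pid, "/home/alice/secret")
    return "alice" in m.files["/tmp/dropbox"].writers, not denied(m.write, pid, "/tmp/dropbox")

def declassify_demo():
    """alice shares her secret with bob (she is its sole writer) and the notes bob co-wrote
    (adding carol refused, adding bob accepted); a fresh process can then carry the secret
    into the shared notes but still not into /tmp."""
    m = build_system()
    pid = m.spawn("alice")
    m.declassify(pid, "/home/alice/secret", {"alice", "bob"})
    carol_refused = denied(m.declassify, pid, "/home/alice/notes", {"alice", "carol"})
    m.declassify(pid, "/home/alice/notes", {"alice", "bob"})
    p2 = m.spawn("alice")
    m.read(p2, "/home/alice/secret")    # p2 becomes (alice, {alice, bob}, {alice})
    m.write(p2, "/home/alice/notes")    # allowed: notes is now readable only by alice and bob
    return m.files["/home/alice/secret"].readers, carol_refused, denied(m.write, p2, "/tmp/dropbox")
```

`trojan_demo()` returns `(True, False)`: the DAC bits permit the copy to `/tmp/dropbox`, while the RWFM write rule refuses it because the subject's reader set has shrunk to `{alice}` after reading the secret. The example models only the label algebra; in SPLinux the same checks sit behind the intercepted system calls, which is what makes the mediation complete rather than per-application.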
We have designed, implemented and evaluated SPLinux as an extension to a regular Linux distribution, currently the Ubuntu 16.04 base distribution. We have evaluated its security by executing various well-known strategies used by spyware and trojan horses that exploit indirect information flows for data leaks and data corruption. While many of these examples successfully breach the security of regular Linux, all of them fail against the flow-secured SPLinux. We have also evaluated its performance with benchmarks covering file-system operations, process creation, inter-process communication (IPC) and related operations, comparing it with the performance of the widely deployed SELinux.
We are in the process of formally verifying the security and functional correctness of the trusted code base. We are also moving our current user-space implementation into the Linux kernel, which should yield a significant performance improvement through reduced overheads. We also intend to apply Crash-Hoare logic to introduce crash recovery in SPLinux.