| Presentation | 2022-03-10 Implementation and evaluation of decentralized information flow control system using container-based virtualization Ayato Tachibana, Hidetsugu Irie, Shuichi Sakai, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Decentralized Information Flow Control(DIFC) is a method to prevent vulnerabilities more effectively than Mandatory Access Control(MAC) by allowing application developers to set policies. However, the implementation of DIFC using existing methods requires modifications to the operating system, which creates a high barrier to implementation. As a method that does not require any modification to the OS, we proposed a method of implementing the DIFC system on a Container-based virtualization environment. In this study, we implemented this method on a Container-based virtualization environment and evaluated it by running a practical web application on the system. The results of the security evaluation showed that the method can prevent vulnerabilities of a practical web application. In addition, the performance evaluation showed that the overhead was about 33% compared to the existing container environment, and there was less impact than existing methods. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Directory Traversal / Information Flow Tracking / Access Control / Decentralized Information Flow Control (DIFC) / Container-based virtualization / gVisor |
| Paper # | CPSY2021-47,DC2021-81 |
| Date of Issue | 2022-03-03 (CPSY, DC) |
| Conference Information | |
| Committee | CPSY / DC / IPSJ-SLDM / IPSJ-EMB / IPSJ-ARC |
|---|---|
| Conference Date | 2022/3/10(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | ETNET2021 |
| Chair | Michihiro Koibuchi(NII) / Hiroshi Takahashi(Ehime Univ.) / Yuichi Nakamura(NEC) / / Hiroshi Inoue(Kyushu Univ.) |
| Vice Chair | Kota Nakajima(Fujitsu Lab.) / Tomoaki Tsumura(Nagoya Inst. of Tech.) / Tatsuhiro Tsuchiya(Osaka Univ.) |
| Secretary | Kota Nakajima(JAIST) / Tomoaki Tsumura(Hitachi) / Tatsuhiro Tsuchiya(Nihon Univ.) / (Chiba Univ.) / (Tokyo City Univ.) / (Tokyo Inst. of Tech.) |
| Assistant | Ryohei Kobayashi(Tsukuba Univ.) / Takaaki Miyajima(Meiji Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Computer Systems / Technical Committee on Dependable Computing / Special Interest Group on System and LSI Design Methodology / Special Interest Group on Embedded Systems / Special Interest Group on System Architecture |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Implementation and evaluation of decentralized information flow control system using container-based virtualization |
| Sub Title (in English) | |
| Keyword(1) | Directory Traversal |
| Keyword(2) | Information Flow Tracking |
| Keyword(3) | Access Control |
| Keyword(4) | Decentralized Information Flow Control (DIFC) |
| Keyword(5) | Container-based virtualization |
| Keyword(6) | gVisor |
| 1st Author's Name | Ayato Tachibana |
| 1st Author's Affiliation | The University of Tokyo(UTokyo) |
| 2nd Author's Name | Hidetsugu Irie |
| 2nd Author's Affiliation | The University of Tokyo(UTokyo) |
| 3rd Author's Name | Shuichi Sakai |
| 3rd Author's Affiliation | The University of Tokyo(UTokyo) |
| Date | 2022-03-10 |
| Paper # | CPSY2021-47,DC2021-81 |
| Volume (vol) | vol.121 |
| Number (no) | CPSY-425,DC-426 |
| Page | pp.pp.14-19(CPSY), pp.14-19(DC), |
| #Pages | 6 |
| Date of Issue | 2022-03-03 (CPSY, DC) |