A Type System for Data-Flow Integrity on Windows Vista

Executive Summary

The Windows Vista operating system implements an interesting model of multi-level integrity. The paper observes that in this model, trusted code must participate in any information-flow attack. Thus, it is possible to eliminate such attacks by statically restricting trusted code. The paper formalizes this model by designing a type system that can efficiently enforce data-flow integrity on Windows Vista. Typechecking guarantees that objects whose contents are statically trusted never contain untrusted values, regardless of what untrusted code runs in the environment. Some of Windows Vista's runtime access checks are necessary for soundness; others are redundant and can be optimized away.

  • Format: PDF
  • Size: 232.4 KB