Increasingly, confidential information is placed on network-accessible computers by organizations and individuals, yet neither the current practice nor theories of computer security are adequate to ensure that this information remains confidential. The lack of sound mechanisms for protecting confidential information, especially in the presence of malicious code or hosts, creates serious privacy, liability, and even national security concerns.
This research explores new security mechanisms that provide stronger, end-to-end assurance that data remains confidential. The focus is on three important areas where existing models are inadequate and existing enforcement methods are impractical. First, confidentiality must be protected even in systems that include both mutually distrusting principals and untrusted, possibly malicious hosts. Second, concurrent and distributed systems create new challenges for information flow control. Third, new techniques are needed for verifying that binary code, including legacy code, protects confidential information.
The goal of this work is fast, practical, end-to-end assurance of confidentiality for decentralized systems with mutual distrust. This kind of assurance promises to significantly strengthen the security of the emerging computing infrastructure.