Many computer programs today manipulate both sensitive and non-sensitive information. For example, a web browser is used for Internet banking but is also used (sometimes even simultaneously) for shopping and for social activities. This brings with it a very real risk that secret banking information might accidentally 'leak' to a place it should not reach. We have to trust the web browser both not to leak such information deliberately and not to contain an error that would unintentionally enable such a leak.
This project develops a new platform for Trusted Internet Computing in which every piece of information has a sensitivity label attached to it. This enables the underlying system, a virtual machine, to catch information flows that should not be happening - even if the application program it hosts (such as a browser) is doing the wrong thing. The user must have assurance that such improper flows, whether intentional or not, will be prevented.
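The following is an added illustration of the label-propagation idea described above; it is not code from the project, which does not describe its label model or virtual machine on this page. It assumes labels are sets of tags (join is set union, "may flow to" is subset), a hypothetical buggy browser routine, and constructed channel names and values.

```python
"""Added example of label-based information flow control (not the project's code).

Assumptions: a label is a frozenset of tags, join is union, a value may flow
to a channel iff its tags are a subset of the channel's; channel names and
the sample data are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Any, Callable

# Sensitivity labels: frozensets of tags. Data tagged {"banking"} may only
# reach a channel cleared for "banking"; the empty set means public.
Label = frozenset
PUBLIC = Label()


def join(a: Label, b: Label) -> Label:
    """Least upper bound: data derived from a and b carries both tag sets."""
    return a | b


def flows_to(src: Label, dst: Label) -> bool:
    """src may flow to dst iff every tag on src is permitted at dst."""
    return src <= dst


class FlowViolation(Exception):
    pass


@dataclass(frozen=True)
class Labeled:
    """A value together with its sensitivity label. Derivations go through
    `apply`, so labels are propagated by the runtime, not by the application."""
    value: Any
    label: Label

    @staticmethod
    def apply(fn: Callable[..., Any], *args: "Labeled") -> "Labeled":
        result = fn(*(a.value for a in args))
        label = PUBLIC
        for a in args:
            label = join(label, a.label)
        return Labeled(result, label)


@dataclass
class Channel:
    """An output sink (network connection, log, ...) labelled with the most
    sensitive data it is cleared to receive."""
    name: str
    label: Label
    sent: list = field(default_factory=list)

    def send(self, item: Labeled) -> None:
        # The enforcement point: the runtime checks every flow to a sink.
        if not flows_to(item.label, self.label):
            raise FlowViolation(
                f"{set(item.label) or 'public'} data may not flow to "
                f"{self.name} (cleared for {set(self.label) or 'public'})")
        self.sent.append(item.value)


def untrusted_browser(bank: Channel, shop: Channel) -> tuple[bool, str]:
    """Hypothetical buggy application logic: builds a shopping request whose
    referrer field is derived from the banking balance. Returns whether the
    leak was blocked and the runtime's message."""
    balance = Labeled("balance=1234.56", Label({"banking"}))  # constructed
    item = Labeled("item=shoes", PUBLIC)                      # constructed
    bank.send(balance)  # legitimate: banking data to the banking connection
    # Bug: the request is derived from the balance, so it inherits the
    # "banking" tag. The application does not notice; the runtime does.
    request = Labeled.apply(lambda i, b: f"{i}&ref={b}", item, balance)
    try:
        shop.send(request)
        return False, "leak went through"
    except FlowViolation as e:
        return True, str(e)


def run() -> tuple[bool, str]:
    bank = Channel("bank.example", Label({"banking"}))
    shop = Channel("shop.example", PUBLIC)
    return untrusted_browser(bank, shop)


if __name__ == "__main__":
    print(run())
```

The point is that the separation the abstract describes holds in this toy model: the application code in `untrusted_browser` never consults a label, yet the leak is stopped at the sink because every derived value carries the join of its inputs' labels and every send is checked against the channel's clearance.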
The project is expected to lead to significant improvements in the way that trusted software is developed and deployed, because it allows separation of the security concerns of an application from the business logic. The resulting platform will be able to host applications that manipulate classified information, even though the applications themselves are untrusted. The end result will be greatly improved security and reliability of essential software infrastructure.