Asbestos is an operating system developed at MIT, Stanford and UCLA to explore information flow control policies. The motivation behind Asbestos is that typical access control systems are concerned with the release of information, however, once that information is released, the principal that released that information has no way to control it. The problem is that a program might want to make use of a service another program provides but not want to release the information to it. To work around this, the OS provides the ability to taint data. The taint is automatically applied to any derived information. To propagate information outside of the machine, the releaser must first untaint the information. This can only be done with the original principal's authorization.
External Links
- The Asbestos homepage on the Wayback machine.
- Asbestos - An operating System for Mobile Devices
- Labels and Event Processes in the Asbestos Operating System, Efstathopoulos et al. 2005