Rfblare (Race-Free Blare) is a new version of KBlare, developped for the kernel version 4.7 and onwards. It is designed to overcome two major problems impacting information flow trackers built on the Linux Security Modules framework (including KBlare).

  • When system calls generating an information flow (such as read and write) are performed concurrently and affect the same container of information, the trackers may miss some indirect flows of information.
  • Information flow trackers are not able to monitor flows of information occurring in files mapped in memory or in shared memory fragments. This is because these flows are done in userspace, by simple memory accesses, which do not require a system call. Since no LSM hooks can possibly mediate these flows, trackers have no choice but to track the mapping and unmapping of files. Detecting all flows that could happen is still not trivial in this case. When a process maps two files A and B, we must consider that there are not only flows between the process and each one of the files, but also between A and B since the process can write into one file what it reads from the other. This transitivity of flows was not handled in all cases in previous versons of Kblare.

Rfblare solves both of this problem using a new tags propagation algorithm.

Rfblare is still a young project, and while it is built upon the knowledge acquired by the design and implementation of Kblare, it is not complete yet. For now, there is no notion of policy in Rfblare. Only the tags propagation mechanism is implemented.

See the Rfblare guides for details about installing and testing Rfblare, as well as a description of some attacks on LSM-based trackers Rfblare can counter.

The proofs of the formal results in the article describing Rfblare accepted at SEFM 2017 can be downloaded here. They have been formally verified with Coq, the proof assistant, version 8.6. The file can be viewed in a browser here or downloaded here.

You can also consult the Kblare page for details about KBlare.