Implement labels and information flow control in Rust Oak Runtime #630
Comments
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Feb 28, 2020
Not used yet, but as a starting point for future functionality. Ref project-oak#630
6 tasks
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Feb 28, 2020
Not used yet, but as a starting point for future functionality. Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 4, 2020
Not used yet, but as a starting point for future functionality. Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 4, 2020
Not used yet, but as a starting point for future functionality. It is in the ABI because it will be used by both the runtime and the SDK. Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 4, 2020
Not used yet, but as a starting point for future functionality. It is in the ABI because it will be used by both the runtime and the SDK. Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 5, 2020
Not used yet, but as a starting point for future functionality. It is in the ABI because it will be used by both the runtime and the SDK. Ref project-oak#630
tiziano88
added a commit
that referenced
this issue
Mar 5, 2020
Not used yet, but as a starting point for future functionality. It is in the ABI because it will be used by both the runtime and the SDK. Ref #630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 6, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 6, 2020
1 task
tiziano88
added a commit
that referenced
this issue
Mar 6, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 24, 2020
Will be used for enforcing Information Flow between Nodes and Channels as part of project-oak#630. Ref project-oak#603
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 24, 2020
Will be used for enforcing Information Flow between Nodes and Channels as part of project-oak#630. Ref project-oak#603
tiziano88
added a commit
that referenced
this issue
Mar 25, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Mar 30, 2020
This allows to define a clear ABI that node and pseudo-node implementations in Rust have access to. Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
Apr 16, 2020
tiziano88
added a commit
that referenced
this issue
Apr 16, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 11, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Fix aggregator example documentation. Ref project-oak#972 project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 12, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Fix aggregator example documentation. Ref project-oak#972 project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 12, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Fix aggregator example documentation. Ref project-oak#972 project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 12, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Fix aggregator example documentation. Ref project-oak#972 project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 12, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Update ABI documentation. Fix aggregator example documentation. Ref project-oak#972 project-oak#630
tiziano88
added a commit
that referenced
this issue
May 12, 2020
Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Update ABI documentation. Fix aggregator example documentation. Ref #972 #630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 13, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 13, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 13, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 14, 2020
tiziano88
added a commit
that referenced
this issue
May 15, 2020
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 29, 2020
Previously downgrade was only allowed when writing to lower labels, but not when reading from higher labels. This makes both possible, relying on the same underlying Node privilege. Credit to @aferr for the explanation and suggestions on how to implement it, and also link to the relevant Slack discussion, for reference: https://project-oak.slack.com/archives/CHE9E13C3/p1590712037024800?thread_ts=1590660390.016600&cid=CHE9E13C3 Ref project-oak#630
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 29, 2020
Previously downgrade was only allowed when writing to lower labels, but not when reading from higher labels. This makes both possible, relying on the same underlying Node privilege. Credit to @aferr for the explanation and suggestions on how to implement it, and also link to the relevant Slack discussion, for reference: https://project-oak.slack.com/messages/CHE9E13C3/p1590712037024800?thread_ts=1590660390.016600 Ref project-oak#630
6 tasks
tiziano88
added a commit
to tiziano88/oak
that referenced
this issue
May 29, 2020
Previously downgrade was only allowed when writing to lower labels, but not when reading from higher labels. This makes both possible, relying on the same underlying Node privilege. Credit to @aferr for the explanation and suggestions on how to implement it, and also link to the relevant Slack discussion, for reference: https://project-oak.slack.com/messages/CHE9E13C3/p1590712037024800?thread_ts=1590660390.016600 Ref project-oak#630
tiziano88
added a commit
that referenced
this issue
May 29, 2020
Previously downgrade was only allowed when writing to lower labels, but not when reading from higher labels. This makes both possible, relying on the same underlying Node privilege. Credit to @aferr for the explanation and suggestions on how to implement it, and also link to the relevant Slack discussion, for reference: https://project-oak.slack.com/messages/CHE9E13C3/p1590712037024800?thread_ts=1590660390.016600 Ref #630
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details TBD, but the implementation must support the functionality sketched out in #515 , at a minimum.
This issue is specifically about implementing this for the Rust Oak Runtime (which is not used yet) as opposed to the C++ one.
The text was updated successfully, but these errors were encountered: