Modern organizations face increasingly complex information management requirements. A combination of commercial needs, legal liability and regulatory imperatives has created a patch-work of mandated policies. Among these, personally identifying customer records must be carefully access-controlled, sensitive files must be encrypted on mobile computers to guard against physical theft and intellectual property must be protected from both exposure and ``poisoning.'' However, enforcing such policies can be quite difficult in practice since users routinely share data over networks and derive new files from these inputs -- incidentally laundering any policy restrictions. In this paper, we describe a VMM system called Neon that transparently labels derived data using byte-level ``tints'' and tracks these labels end-to-end across commodity applications, operating systems and networks. We demonstrate that this mechanism allows the enforcement of a variety of data management policies, including data-dependent confinement, intellectual property management, and mandatory I/O encryption.

Pre-2018 CSE ID: CS2008-0934