HiStar HiStar

HiStar is a new operating system designed to minimize the amount of trusted code in a system. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser, and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including an entirely untrusted login process, separation of data between virtual private networks, and privacy-preserving, untrusted virus scanners.

People

Publications

Software

HiStar is available through Git. To obtain or browse the source code, visit https://github.com/zeldovich/histar.

To compile HiStar, you may need to set up a cross-build environment. You will need to install the GNU binutils and GCC packages. See the file README in the top-level directory of the HiStar source tree for the appropriate ./configure arguments.

Alternatively, you may be able to build HiStar using your native compiler, if HiStar runs on that platform. Currently, HiStar runs on i386, x86_64, and sparcv8 systems. Edit the conf/config.mk file to set the K_ARCH variable accordingly.

HiStar on a CD

You can download a CD image with a recent version of HiStar to get a feel for how it works. Running HiStar from a CD image requires at least 256MB of main memory. (Note: the CD images are about 50MB in size.)

HiStar CD image for x86-64 processors.

HiStar CD image for i386 processors. Note that this 32-bit port is not as stable as the 64-bit version; please use the 64-bit version if possible.

HiStar starts a standard Unix shell on the console, and comes with vim, perl, gcc, sshd, and a number of other common Unix tools. A few examples that use HiStar's security features are pre-installed in the /sample directory. As in Unix, you can use cd , ls , and cat to navigate the file system from the shell.

To start the HiStar ISO image using qemu, run the command:

qemu-system-x86_64 -m 256 -serial stdio -cdrom histar-boot-amd64.iso