What is Trishul?
Trishul is an system primarily designed to help enforce policies associated with data/information. At the core of the architecture is a Java Virtual Machine (JVM) implementation that supports information flow control.
Consider an email with a distribution policy set as "Do not forward". If the email application is not trusted, in order to enforce such a policy, it becomes necessary to trace the flow of each and every bit of data that originates from that email as it is propagated within the system and then when an unapproved operation is performed on the data, the system intercepts that actions and denies it. Trishul JVM provides the framework for such a system.
Consider the diagram above. When an application introduces data into the system via standard input channels (file system, network etc.) Trishul asks the policy engine (more on this entity later) to check if it is a policy tagged data. If yes, Trishul associates a taint with the data. This taint is propagated to every single portion of the memory that is occupied by the data. Thus even if the application tries to split a string into several one-byte character variables, these variables will also be tagged with the same taint.
When the application tries to perform actions on tainted data, the JVM interscepts the call and routes it to the policy engine to check if that call can be allowed or not. The Policy Engine looks up the policy associated with the tainted data and decides on a course of action. This response is conveyed to the JVM which either allows the action or disallows it.
Source CodeTrishul JVM has been developed as an enhancement of the Kaffe JVM (v1.1.7). Version 0.1 of Trishul, released on 6th Nov., 2008 can be downloaded here. If you are finding it difficult to compile and instal Trishul, an Ubuntu 6.10 VM is available as virtual appliance for ease of use. Please email me for more information.
Why the name 'Trishul'?
Sounded like a cool name for the project :) On a more serious note, the system involves three main parts - introduction of (tainted) data into the system, propagation of taint within the system and the intersception of action and decision process performed on it. These three phases are symbplised by the three spokes of the trident of the Trishul.