Fabric is a federated, distributed system for securely and reliably storing, sharing, and computing information. It is being developed by the Applied Programming Languages Group at Cornell University.

Fabric presents a single-system image of all resources that can be named by it, and provides security guarantees to mutually distrusting principals using it, but it is a decentralized system with no centralized security enforcement mechanism. Fabric provides decentralized yet compositional security.

The Fabric programming language, based on Jif, controls the placement of computation and data through type annotations that set policies for information security. Strong consistency is ensured through a hierarchical two-phase commit protocol that respects information security. Fabric leverages peer-to-peer replication to provide high availability.

The development of Fabric has been supported by NSF awards 0627649 and CCF-0964409, by ONR award N00014-09-1-0652, and by Air Force Research Laboratory award FA8750-08-2-0079.


Fabric reference manual (Version 0.2.1, June 2013) [ PDF ]


Fabric 0.2.1 (June 2013) is a maintenance release that contains fresh SSL certificates for the nodes used in the examples. The old certificates had expired.

The previous versions are still available:

  • (October 2012) Reference manual [ PDF ]
    • This release incorporates the support for mobile code described in our Oakland '12 paper, along with many improvements to usability, performance, and reliability.
  • (September 2010)

Mailing lists

Subscribe to fabric-announce to be notified about new releases of Fabric and related announcements.
Subscribe to fabric-users to participate in discussions about Fabric.

Related peer-reviewed group publications

  1. Defining and enforcing referential security
    3rd Conference on Principles of Security and Trust (POST 2014), to appear, April 2014. Jed Liu and Andrew C. Myers.
  2. Warranties for faster strong consistency
    11th USENIX Symposium on Networked Systems Design and Implementation (NSDI'14), to appear, April 2014. Jed Liu, Tom Magrino, Owen Arden, Michael D. George, and Andrew C. Myers.
  3. Language-based control and mitigation of timing channels
    Proceedings of the 2012 ACM Conference on Programming Language Design and Implementation (PLDI'12), June 2012. Danfeng Zhang, Aslan Askarov, and Andrew C. Myers.
  4. Sharing mobile code securely with information flow control
    Proc. 33rd IEEE Symposium on Security and Privacy (Oakland'12), pp. 192–205, May 2012. Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, Andrew C. Myers.
  5. Attacker control and impact for confidentiality and integrity
    Logical Methods in Computer Science, 7(3), September 2011, Aslan Askarov and Andrew C. Myers.
  6. Predictive mitigation of timing channels in interactive systems
    Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11), pages 563–574, October 2011. Danfeng Zhang, Aslan Askarov, and Andrew C. Myers.
  7. Predictive black-box mitigation of timing channels
    Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10), to appear, October 2010. Aslan Askarov, Danfeng Zhang, and Andrew C. Myers.
  8. Fabric: A platform for secure distributed computation and storage
    Proc. 22nd ACM Symposium on Operating Systems Principles (SOSP'09), pp. 321–334, October 2009. Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers.

Project members