| Field | Value |
|---|---|
| Date | Tuesday, May 1, 2007 |
| Speaker | Nickolai Zeldovich |
| Affiliation | Stanford |
| Talk Title | Securing Untrustworthy Software Using Information Flow Control |
Only a handful of programmers have the right mindset to write secure code, and experience shows that few applications have the luxury of being written by such programmers. Thus, the vast majority of all software is untrustworthy. At the same time, operating systems and networks have spectacularly failed to control the damage caused by subverted software. Worms and viruses propagate widely. Attackers take over machines by the tens of thousands, harnessing botnets that can send spam, mount denial of service attacks, host phishing web sites, and carry out many other nefarious tasks. On the server side, we routinely hear of flawed systems disclosing hundreds of thousands of social security numbers, or even millions of credit card numbers.

One way to address this problem may be to specify security policies not in terms of what operations programs can invoke (which rapidly becomes difficult to reason about) but rather in terms of what can happen to the data. A number of typical security problems can more easily be couched in terms of information flow. For example, protecting users' private profile information on a web site often boils down to ensuring that one person's information (social security number, credit card, etc.) cannot be sent to another user's browser. Protecting against Trojan horses means ensuring that network payloads do not affect the contents of system files, and that applications cannot surreptitiously export data from the machine. Protecting passwords means ensuring that whatever code verifies the password can reveal only a single bit signifying whether or not authentication succeeded.

HiStar is a new operating system designed to provide security while executing untrustworthy code. It provides a Unix-like environment in which all access control is layered on top of a flexible information flow control mechanism enforced by a kernel of 20,000 lines of code. Small amounts of trusted code can enforce the security of large untrusted applications in HiStar, such as a 100-line wrapper ensuring that a complex virus scanner cannot divulge your private files.
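The virus-scanner and password-checker scenarios above, as an added example that is not HiStar's own code: a constructed Python simulation of lattice-based secrecy labels with taint tracking, where only a principal that owns a category may declassify data carrying it. The category `alice_secret`, the principal names and the read/write rules are simplifying assumptions, not HiStar's kernel interface.

```python
from typing import FrozenSet, Iterable

# Constructed model (not HiStar's code): a label is a set of secrecy categories.
# Data carrying a category may only flow to a sink that also carries it, unless
# the writer owns the category and may therefore declassify it.
Label = FrozenSet[str]

class FlowViolation(Exception):
    """Raised when a write would move tainted data to a less-tainted sink."""
class Principal:
    """A process, file or channel with a secrecy label and owned categories."""
    def __init__(self, name: str, label: Iterable[str] = (), owns: Iterable[str] = ()):
        self.name = name
        self.label: Label = frozenset(label)
        self.owns: Label = frozenset(owns)

def can_flow(src: Label, dst: Label) -> bool:
    """Plain lattice rule: src may flow to dst only if dst is at least as tainted."""
    return src <= dst

def read(proc: Principal, obj: Principal) -> None:
    """Reading taints the reader with every category the object carries."""
    proc.label = proc.label | obj.label

def write(proc: Principal, sink: Principal) -> None:
    """Allow the write only if each taint on proc is on the sink or owned by proc."""
    leaked = proc.label - sink.label - proc.owns
    if leaked:
        raise FlowViolation(f"{proc.name} -> {sink.name} would leak {sorted(leaked)}")

def scanner_confined(scanner_owns: Iterable[str] = ()) -> bool:
    """Scanner reads private files, then tries the network; True if blocked."""
    private = Principal("private_files", label={"alice_secret"})
    network = Principal("network")                   # untainted public sink
    scanner = Principal("scanner", owns=scanner_owns)
    read(scanner, private)                           # scanner is now tainted
    try:
        write(scanner, network)
    except FlowViolation:
        return True
    return False

def wrapper_reports_verdict() -> bool:
    """Trusted wrapper owns the category, so it may declassify one bit (clean/infected)."""
    verdict = Principal("verdict", label={"alice_secret"})   # scanner output, tainted
    user_tty = Principal("user_tty")
    wrapper = Principal("wrapper", owns={"alice_secret"})
    read(wrapper, verdict)
    write(wrapper, user_tty)                         # permitted: wrapper declassifies
    return True
```

Passing `scanner_confined({"alice_secret"})` shows the other side of the rule: a scanner that is granted ownership of the category is no longer confined, which is why the wrapper, not the scanner, holds it.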