Communications of the ACM
Experiences with the Amoeba distributed operating system
Communications of the ACM
Multilevel security in the UNIX tradition
Software—Practice & Experience
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Security and protection of data in the IBM System/38
ISCA '80 Proceedings of the 7th annual symposium on Computer Architecture
Accent: A communication oriented network operating system kernel
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Capriccio: scalable threads for internet services
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Full TCP/IP for 8-bit architectures
Proceedings of the 1st international conference on Mobile systems, applications and services
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Operating system support for virtual machines
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Make least privilege a right (not a privilege)
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Flash: an efficient and portable web server
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Manageable fine-grained information flow
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Laminar: practical fine-grained decentralized information flow control
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
PrivateFlow: decentralised information flow control in event based middleware
Proceedings of the Third ACM International Conference on Distributed Event-Based Systems
The cake is a lie: privilege rings as a policy resource
Proceedings of the 1st ACM workshop on Virtual machine security
Event-processing middleware with information flow control
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Airavat: security and privacy for MapReduce
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
DBTaint: cross-application information flow tracking via databases
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
DIFC programs by automatic instrumentation
Proceedings of the 17th ACM conference on Computer and communications security
The home needs an operating system (and an app store)
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
A labelling system for derived data control
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Structuring protocol implementations to protect sensitive data
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
SEAL: a logic programming framework for specifying and verifying access control models
Proceedings of the 16th ACM symposium on Access control models and technologies
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
An operating system for the home
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Advanced MAC in HPC Systems: Performance Improvement
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Information Security Tech. Report
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
Mandatory access control with a multi-level reference monitor: PIGA-cluster
Proceedings of the first workshop on Changing landscapes in HPC security
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Asbestos, a new operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced labels, including controls on interprocess communication and system-wide information flow. A new event process abstraction defines lightweight, isolated contexts within a single process, allowing one process to act on behalf of multiple users while preventing it from leaking any single user's data to others. A Web server demonstration application uses these primitives to isolate private user data. Since the untrusted workers that respond to client requests are constrained by labels, exploited workers cannot directly expose user data except as allowed by application policy. The server application requires 1.4 memory pages per user for up to 145,000 users and achieves connection rates similar to Apache, demonstrating that additional security can come at an acceptable cost.