The PARSEQ project: an interim report
Selected papers of the second workshop on Languages and compilers for parallel computing
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Transaction Processing: Concepts and Techniques
Transaction Processing: Concepts and Techniques
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
ACM SIGOPS Operating Systems Review
Thirty Years Later: Lessons from the Multics Security Evaluation
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Verifying the EROS Confinement Mechanism
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Memory resource management in VMware ESX server
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Design of a Computer—The Control Data 6600
Design of a Computer—The Control Data 6600
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Application security support in the operating system kernel
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Sub-operating systems: a new approach to application security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Proceedings of the 3rd workshop on Programming languages and operating systems: linguistic support for modern operating systems
Singularity: rethinking the software stack
ACM SIGOPS Operating Systems Review - Systems work at Microsoft Research
TOCTTOU vulnerabilities in UNIX-style file systems: an anatomical study
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Computer
Proceedings of the 2008 workshop on New security paradigms
| Hi-index | 0.00 |
For over 30 years, system software has been bound by compatibility with legacy applications. The system software base, whether proprietary or open source, is dominated by the programming language C and the POSIX operating system specification. Even when commercial operating systems stray from this model, they don't go very far. Unfortunately, the POSIX/C base was constructed in a more benign environment than today and before many security issues were widely understood. Rather than fix these issues, compatibility has been deemed more important than security, and so this base has been kept intact with all its flaws. As a result, programmers routinely create software with security holes---even in the most security critical software---and today's systems are easily attacked. We propose a new paradigm of system discontinuity which emphasizes security over compatibility by removing those constructs in our system software which lead to security holes in applications. Of course, removing parts of the interface will break applications, and hence the discontinuity. To deal with this situation, we advocate the use of virtual machines to enable multiple operating systems to run concurrently. Thus high security OSs can be used for the most security sensitive applications. Compatibility is maintained for less security sensitive applications using legacy operating systems. Over time, legacy applications can migrate to a more secure OS, thus raising the security of all applications.