A paradigm shift has been taking place in the personal computer sharing model: a computer is no longer shared by users, but by mutually distrusting applications or other content. This multi-application sharing model is mismatched with today's multi-user operating systems, like Windows and Linux, which offer protection only across users. This mismatch contributes significantly to today's malware problem: a user is often tricked into downloading and installing malware, which then runs with the user's privileges, or even with escalated privileges, to harm the user's machine. Web-centric computing is another significant trend, which makes web browsers a dominant client application platform. The browser platform supports a multi-application sharing model. However, today's web browsers were never designed and constructed as an operating system: different web site principals may coexist in the same protection domain, and there is no coherent support for resource access, control, and sharing. This makes browsers a vulnerable and functionally limited platform. In light of these two trends, we envision ServiceOS, a multi-service OS on which web applications and traditional desktop applications converge. "Service" comes from "Software-as-a-Service": a service is some generic content, which can be either code or data. Services are hosted in the cloud and cached on the client, and the owner of a service is an OS principal. ServiceOS will enable an application model that synthesizes the best elements of both desktop and web applications, providing fundamentally better security without sacrificing functionality. We sketch our design and present open challenges for this new paradigm of computing.