Support for the file system security requirements of computational E-mail systems

Authors:
Trent Jaeger;Atul Prakash
Affiliations:
Software Systems Research Laboratory, Department of Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI;Software Systems Research Laboratory, Department of Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI
Venue:
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Year:
1994

Citing 8
Cited 8

Integrating security in a large distributed system

ACM Transactions on Computer Systems (TOCS)
Scalable, Secure, and Highly Available Distributed File Access

Computer
DistEdit: a distributed toolkit for supporting multiple group editors

CSCW '90 Proceedings of the 1990 ACM conference on Computer-supported cooperative work
Computational mail as network infrastructure for computer-supported cooperative work

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Active mail—a framework for implementing groupware

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Tcl and the Tk toolkit

Tcl and the Tk toolkit
DistView: support for building efficient collaborative applications using replicated objects

CSCW '94 Proceedings of the 1994 ACM conference on Computer supported cooperative work
EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail

Proceedings of the IFIP TC6/WG6.5 International Conference on Upper Layer Protocols, Architectures and Applications

Support for discretionary role based access control in ACL-oriented operating systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A role-based access control model for protection domain derivation and management

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Requirements of role-based access control for collaborative systems

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Flexible control of downloaded executable content

ACM Transactions on Information and System Security (TISSEC)
Access control in configurable systems

Secure Internet programming
Operating system protection for fine-grained programs

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Building systems that flexibly control downloaded executable context

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Privacy analysis and enhancements for data sharing in *nix systems

International Journal of Information and Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computational e-mail systems, which allow mail messages to contain command scripts that automatically execute upon receipt, can be used as a basis for building a variety of collaborative applications. However, their use also presents a serious security problem because a command script from a sender may access/modify receiver's private files or execute applications on receiver's behalf. Existing solutions to the problem either severely restrict I/O capability of scripts, limiting the range of applications that can be supported over computational e-mail, or permit all I/O to scripts, potentially compromising the security of the receiver's files. Our model, called the intersection model of security, permits I/O for e-mail from trusted senders but without compromising the security of private files. We describe two implementations of our security model: an interpreter-level implementation and an operating systems-level implementation. We discuss the tradeoffs between the two implementations and suggest directions for future work.