Computational e-mail systems, which allow mail messages to contain command scripts that automatically execute upon receipt, can be used as a basis for building a variety of collaborative applications. However, their use also presents a serious security problem because a command script from a sender may access or modify the receiver's private files or execute applications on the receiver's behalf. Existing solutions to the problem either severely restrict the I/O capability of scripts, limiting the range of applications that can be supported over computational e-mail, or permit all I/O to scripts, potentially compromising the security of the receiver's files. Our model, called the intersection model of security, permits I/O for e-mail from trusted senders without compromising the security of private files. We describe two implementations of our security model: an interpreter-level implementation and an operating-system-level implementation. We discuss the tradeoffs between the two implementations and suggest directions for future work.