In this paper, we introduce a new application isolation model that is based on the Least-Privilege principle and the Need-to-Know principle. Since this model is easy to implement, we call it the Feather-weight Application Isolation (FAI) model. The model is used to achieve Process Permission Constraint (PPC) and classified Object Access Control (OAC), and it allows application isolation to be enforced according to PPC policies and OAC policies. Compared with existing, more complex isolation models such as sandboxes and virtual machines, the FAI model is simpler, so it not only meets the necessary security requirements but also improves usability. To isolate applications and prevent their classified objects from being illegally tampered with, the FAI model extends the traditional two-dimensional access control matrix (subjects and objects) to a three-dimensional access control matrix that also includes processes. In order to support multi-level security and Mandatory Access Control (MAC), the model incorporates the concept of process sensitivity level ranges. In this article, we first give an informal description of the model, then present its formalized description and safety analysis, and finally demonstrate the feasibility of the model by reporting the results of an engineering implementation.
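To make the abstract's two mechanisms concrete, the following Python sketch is an added illustration, not code from the paper or its implementation. It models a three-dimensional access matrix keyed by (subject, process, object), so that the same user reaches different rights through different processes, and layers a mandatory check on top: each process carries a sensitivity level range, and an object may be touched only if its label falls inside that range. The `Level` scale, the `FaiMonitor` class and the range-containment rule are assumptions chosen for the example; the paper's formal model and its actual policy language are not given here.

```python
"""Toy three-dimensional access-control monitor in the spirit of the FAI abstract.

Added illustration. The Level scale, the matrix layout and the rule that an
object's level must lie inside the process's range are assumptions, not the
paper's formal definitions.
"""
from enum import IntEnum
from typing import Dict, Set, Tuple

class Level(IntEnum):
    """Constructed sensitivity scale (the paper does not name concrete levels)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3

Key = Tuple[str, str, str]  # (subject, process, object): the third dimension is the process

class FaiMonitor:
    def __init__(self) -> None:
        self.matrix: Dict[Key, Set[str]] = {}                  # discretionary 3-D matrix (OAC)
        self.process_range: Dict[str, Tuple[Level, Level]] = {}  # per-process sensitivity range (PPC/MAC)
        self.object_level: Dict[str, Level] = {}                 # object classification labels

    def label_object(self, obj: str, level: Level) -> None:
        self.object_level[obj] = level

    def define_process(self, proc: str, low: Level, high: Level) -> None:
        if low > high:
            raise ValueError("process range must satisfy low <= high")
        self.process_range[proc] = (low, high)

    def grant(self, subject: str, proc: str, obj: str, *rights: str) -> None:
        self.matrix.setdefault((subject, proc, obj), set()).update(rights)

    def check(self, subject: str, proc: str, obj: str, right: str) -> Tuple[bool, str]:
        """Return (decision, reason). Every check must pass; the first failure wins."""
        # PPC: only processes with a declared sensitivity range may act at all.
        if proc not in self.process_range:
            return False, f"process {proc!r} has no declared range; PPC denies unknown processes"
        # OAC: the right must exist for this exact (subject, process, object) cell.
        rights = self.matrix.get((subject, proc, obj), set())
        if right not in rights:
            return False, f"no {right!r} entry for ({subject}, {proc}, {obj}) in the 3-D matrix"
        # MAC: the object's label must fall inside the process's sensitivity range.
        level = self.object_level.get(obj)
        if level is None:
            return False, f"object {obj!r} is unlabelled; MAC denies by default"
        low, high = self.process_range[proc]
        if not (low <= level <= high):
            return False, (f"object level {level.name} lies outside process range "
                           f"[{low.name}, {high.name}]; MAC denies")
        return True, "allowed"

def build_sample_monitor() -> FaiMonitor:
    """Constructed sample policy: one user, two processes, two labelled objects."""
    m = FaiMonitor()
    m.label_object("notes.txt", Level.INTERNAL)
    m.label_object("payroll.db", Level.CONFIDENTIAL)
    m.define_process("browser", Level.PUBLIC, Level.INTERNAL)
    m.define_process("payroll_app", Level.INTERNAL, Level.SECRET)
    m.grant("alice", "browser", "notes.txt", "read")
    m.grant("alice", "payroll_app", "payroll.db", "read", "write")
    # A discretionary grant that the mandatory check should still block:
    # the browser's range tops out at INTERNAL, but payroll.db is CONFIDENTIAL.
    m.grant("alice", "browser", "payroll.db", "read")
    return m

if __name__ == "__main__":
    monitor = build_sample_monitor()
    requests = [
        ("alice", "browser", "notes.txt", "read"),       # allowed
        ("alice", "payroll_app", "payroll.db", "write"),  # allowed
        ("alice", "browser", "payroll.db", "read"),       # denied by MAC despite the grant
        ("alice", "payroll_app", "notes.txt", "read"),    # denied: no matrix entry
        ("alice", "unknown_proc", "notes.txt", "read"),   # denied: no PPC range
    ]
    for req in requests:
        ok, why = monitor.check(*req)
        print(f"{req}: {'ALLOW' if ok else 'DENY'} ({why})")
```

The third request is the instructive one: the discretionary matrix explicitly grants the browser read access to `payroll.db`, yet the request is denied because the process's sensitivity range does not cover the object's label. That ordering (discretionary cell first, mandatory range second, deny on any failure) is what lets a compromised low-sensitivity process be confined even when a policy author makes a mistake in the matrix.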