Systems programming with Modula-3
Systems programming with Modula-3
CACL: efficient fine-grained protection for objects
OOPSLA '92 conference proceedings on Object-oriented programming systems, languages, and applications
Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
ATOM: a system for building customized program analysis tools
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Sharing and protection in a single-address-space operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Role-Based Access Control Models
Computer
The design and implementation of the 4.4BSD operating system
The design and implementation of the 4.4BSD operating system
Dynamic binding for an extensible system
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
A protection scheme for mobile agents on Java
MobiCom '97 Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fine-grained dynamic instrumentation of commodity operating system kernels
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Developing and using a “policy neutral” access control policy
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
Active network vision and reality: lessions from a capsule-based system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Design and implementation of a distributed virtual machine for networked computers
Proceedings of the seventeenth ACM symposium on Operating systems principles
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
A lattice model of secure information flow
Communications of the ACM
Java Virtual Machine Specification
Java Virtual Machine Specification
The Java Language Specification
The Java Language Specification
Java Security: Present and Near Future
IEEE Micro
Protection in the Hydra Operating System
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A new approach to mobile code security
A new approach to mobile code security
BIT: a tool for instrumenting java bytecodes
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Providing policy control over object operations in a mach based system
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Instrumentation and optimization of Win32/intel executables using Etch
NT'97 Proceedings of the USENIX Windows NT Workshop on The USENIX Windows NT Workshop 1997
SLIC: an extensibility system for commodity operating systems
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Automatic program transformation with JOIE
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Using smart clients to build scalable services
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
Channel dependent types for higher-order mobile processes
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
System support for pervasive applications
ACM Transactions on Computer Systems (TOCS)
An aspect-oriented approach to bypassing middleware layers
Proceedings of the 6th international conference on Aspect-oriented software development
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Types and effects for non-interfering program monitors
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Enhancing Java security with history based access control
Foundations of security analysis and design IV
| Hi-index | 0.00 |
Extensible systems, such as Java or the SPIN extensible operating system, allow for units of code, or extensions, to be added to a running system in almost arbitrary fashion. Extensions closely interact through low-latency but type-safe interfaces to form a tightly integrated system. As extensions can come from arbitrary sources, not all of whom can be trusted to conform to an organization's security policy, such structuring raises the question of how security constraints are enforced in an extensible system. In this paper, we present an access control mechanism for extensible systems to address this problem. Our access control mechanism decomposes access control into a policy-neutral enforcement manager and a security policy manager, and it is transparent to extensions in the absence of security violations. It structures the system into protection domains, enforces protection domains through access control checks, and performs auditing of system operations. The access control mechanism works by inspecting extensions for their types and operations to determine which abstractions require protection and by redirecting procedure or method invocations to inject access control operations into the system. We describe the design of this access control mechanism, present an implementation within the SPIN extensible operating systems, and provide a qualitative as well as quantitative evaluation of the mechanism.