In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dynamically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.