The foundations of capability schemes are critically examined. The context-free utilization of capabilities, once acquired, is shown to be inconsistent with both the least-privilege norm and information flow requirements. An enhanced Capability Vector mechanism, which pre-confines the set of capabilities with which a given capability can be combined, is proposed. It is shown that capability vectors dynamically define an information flow structure which is potentially more refined, flexible, and versatile than traditional information classification systems. Based on this property, a Generalized Capability Vector machine which enforces a controlled information flow policy is designed. The proposed machine supports programmable resources which are either statically or dynamically bound to an information class.