Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Access control in configurable systems
Secure Internet programming
Synchronous IPC over transparent monitors
EW 9 Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system
Vulnerabilities in Synchronous IPC Designs
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
From L3 to seL4 what have we learnt in 20 years of L4 microkernels?
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
| Hi-index | 0.00 |
We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at user-level, so IPC is the only means of communication between them. Thus, the system must be able to mediate IPCs to enforce its access control policy. Such mediation must enable enforcement of security policy with as little performance overhead as possible, but current mechanisms either: (1) place significant access control functionality in the kernel which increases IPC cost or (2) are static and require more IPCs than necessary to enforce access control. We define an IPC redirection mechanism that makes two improvements: (1) it removes the management of redirection policy from the kernel, so access control enforcement can be implemented outside the kernel and (2) it separates the notion of who controls the redirection policy from the redirections themselves, so redirections can be configured arbitrarily and dynamically. In this paper, we define our redirection mechanism, demonstrate its use, and examine possible, efficient implementations.