A SECURE AND FLEXIBLE MODEL OF PROCESS INITIATION FOR A COMPUTER UTILITY

  • Authors:
  • W. A. Montgomery

  • Venue:
  • A SECURE AND FLEXIBLE MODEL OF PROCESS INITIATION FOR A COMPUTER UTILITY
  • Year:
  • 1976

Abstract

This thesis demonstrates that the amount of protected, privileged code related to process initiation in a computer utility can be greatly reduced by making process creation unprivileged. The creation of processes can be controlled by the standard mechanism for controlling entry to a domain, which forces a new process to begin execution at a controlled location. Login of users can thus be accomplished by an unprivileged creation of a process in the potential user's domain, followed by authentication of the user by an unprivileged initial procedure in that domain. The thesis divides the security constraints provided by a computer utility into three classes: access control, prevention of unauthorized denial of service, and confinement. We develop a model that divides process changing, resource control, authentication, and environment initialization. We show which classes of security constraints depend on each of these functions and show how to implement the functions such that these are the only dependencies present. The thesis discusses an implementation of process initiation for the Multics computer utility based on the model. The major problems encountered in this implementation are presented and discussed. We show that this implementation is substantially simpler and more flexible than that used in the current Multics system.