Protection in flexible operating system architectures

Authors:
Christophe Rippert
Affiliations:
SARDES project, LSR-IMAG laboratory, INRIA Rhône-Alpes, 655 avenue de l'Europe, Montbonnot 38334 St Ismier Cedex, France
Venue:
ACM SIGOPS Operating Systems Review
Year:
2003

Citing 7
Cited 3

Lightweight remote procedure call

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Efficient software-based fault isolation

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Scheduling algorithms for modern disk drives

SIGMETRICS '94 Proceedings of the 1994 ACM SIGMETRICS conference on Measurement and modeling of computer systems
PGP source code and internals

PGP source code and internals
Exokernel: an operating system architecture for application-level resource management

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Prolog: the standard: reference manual

Prolog: the standard: reference manual
Think: A Software Framework for Component-based Operating System Kernels

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference

A policy flexible architecture for secure operating system

ACM SIGOPS Operating Systems Review
Supporting access control policies across multiple operating systems

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Extensible policy framework for heterogeneous network environments

International Journal of Information and Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the THINK architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These tools are implemented in a policy-neutral way so as to guarantee their flexibility. Finally we validate our results by evaluating the flexibility of the protection provided on selected examples of dynamic modification of the protection policy.