Lightweight remote procedure call
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Scheduling algorithms for modern disk drives
SIGMETRICS '94 Proceedings of the 1994 ACM SIGMETRICS conference on Measurement and modeling of computer systems
PGP source code and internals
Exokernel: an operating system architecture for application-level resource management
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Prolog: the standard: reference manual
Prolog: the standard: reference manual
Think: A Software Framework for Component-based Operating System Kernels
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
A policy flexible architecture for secure operating system
ACM SIGOPS Operating Systems Review
Supporting access control policies across multiple operating systems
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Extensible policy framework for heterogeneous network environments
International Journal of Information and Computer Security
Hi-index | 0.00 |
This paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the THINK architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These tools are implemented in a policy-neutral way so as to guarantee their flexibility. Finally we validate our results by evaluating the flexibility of the protection provided on selected examples of dynamic modification of the protection policy.