Communications of the ACM
Experiences with the Amoeba distributed operating system
Communications of the ACM
Multilevel security in the UNIX tradition
Software—Practice & Experience
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
SEDA: an architecture for well-conditioned, scalable internet services
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Security and protection of data in the IBM System/38
ISCA '80 Proceedings of the 7th annual symposium on Computer Architecture
Accent: A communication oriented network operating system kernel
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Capriccio: scalable threads for internet services
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Operating system support for virtual machines
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Make least privilege a right (not a privilege)
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Flash: an efficient and portable web server
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Nexus: a new operating system for trustworthy computing
Proceedings of the twentieth ACM symposium on Operating systems principles
Ad hoc extensibility and access control
ACM SIGOPS Operating Systems Review
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Daonity - Grid security from two levels of virtualization
Information Security Tech. Report
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
Improving multi-tier security using redundant authentication
Proceedings of the 2007 ACM workshop on Computer security architecture
Alpaca: extensible authorization for distributed services
Proceedings of the 14th ACM conference on Computer and communications security
K42: lessons for the OS community
ACM SIGOPS Operating Systems Review
Understanding and visualizing full systems with data flow tomography
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Dynamic multi-process information flow tracking for web application security
Proceedings of the 2007 ACM/IFIP/USENIX international conference on Middleware companion
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Wedge: splitting applications into reduced-privilege compartments
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
A Practical Activity Capture Framework for Personal, Lifetime User Modeling
UM '07 Proceedings of the 11th international conference on User Modeling
EON: modeling and analyzing dynamic access control systems with logic programs
Proceedings of the 15th ACM conference on Computer and communications security
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
A type system for data-flow integrity on Windows Vista
ACM SIGPLAN Notices
Privacy-preserving browser-side scripting with BFlow
Proceedings of the 4th ACM European conference on Computer systems
Simplifying security policy descriptions for internet servers in secure operating systems
Proceedings of the 2009 ACM symposium on Applied Computing
Trojan horse resistant discretionary access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Information protection via environmental data tethers
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Toward trustworthy mobile sensing
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
Neon: system support for derived data management
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A compositional multiple policies operating system security model
WISA'07 Proceedings of the 8th international conference on Information security applications
Decentralized information flow control on a bare-metal JVM
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Convergence of desktop and web applications on a multi-service OS
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
An SSH-based toolkit for user-based network services
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Layering in provenance systems
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
DEFCON: high-performance event processing with information security
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Determinating timing channels in compute clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Proceedings of the 2010 workshop on New security paradigms
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Static checking of dynamically-varying security policies in database-backed applications
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Automating configuration troubleshooting with dynamic information flow analysis
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
TaintEraser: protecting sensitive data leaks using application-level taint tracking
ACM SIGOPS Operating Systems Review
Tightlip: keeping applications from spilling the beans
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Automating information flow control in component-based distributed systems
Proceedings of the 14th international ACM Sigsoft symposium on Component based software engineering
Secure data preservers forweb services
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Making information flow explicit in HiStar
Communications of the ACM
Distributed middleware enforcement of event flow security policy
Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware
Toward secure embedded web interfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Poster: towards formal verification of DIFC policies
Proceedings of the 18th ACM conference on Computer and communications security
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems
ACM Transactions on Architecture and Code Optimization (TACO)
The HybrEx model for confidentiality and privacy in cloud computing
HotCloud'11 Proceedings of the 3rd USENIX conference on Hot topics in cloud computing
A model of information flow control to determine whether malfunctions cause the privacy invasion
Proceedings of the First Workshop on Measurement, Privacy, and Mobility
Decentralized delimited release
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Representation-Independent data usage control
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
mTags: augmenting microkernel messages with lightweight metadata
ACM SIGOPS Operating Systems Review
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Abstractions for usable information flow control in Aeolus
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Secure programming via visibly pushdown safety games
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Addressing covert termination and timing channels in concurrent information flow systems
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Auditing cloud management using information flow tracking
Proceedings of the seventh ACM workshop on Scalable trusted computing
Automatic covert channel detection in asbestos system (poster abstract)
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
IFDB: decentralized information flow control for databases
Proceedings of the 8th ACM European Conference on Computer Systems
Efficient user-space information flow control
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
Content-based isolation: rethinking isolation policy design on client systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Practical information-flow aware middleware for in-car communication
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
A portable user-level approach for system-wide integrity protection
Proceedings of the 29th Annual Computer Security Applications Conference
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Hi-index | 0.02 |
Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and system-wide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user's data to any other user. A Web server that uses Asbestos labels to isolate user data requires about 1.5 memory pages per user, demonstrating that additional security can come at an acceptable cost.