Compartmented Mode Workstation: Prototype Highlights
IEEE Transactions on Software Engineering
Role-Based Access Control Models
Computer
Joint actions based authorization schemes
ACM SIGOPS Operating Systems Review
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Integrated constraints and inheritance in DTAC
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
A note on the confinement problem
Communications of the ACM
Lattice-Based Access Control Models
Computer
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Verifying the EROS Confinement Mechanism
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
SecureBus: towards application-transparent trusted computing with mandatory access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
A compositional multiple policies operating system security model
WISA'07 Proceedings of the 8th international conference on Information security applications
| Hi-index | 0.00 |
Application security is typically coded in the application. In kernelSec, we are investigating mechanisms to implement application security in an operating system kernel. The mechanisms are oriented towards providing authorization properties, and this goal drives the design of permissions and protection mechanisms.The resulting system is dynamic, allowing the set of permissions for a program to evolve during program execution. This reduces the need for users and applications to be aware of protection mechanism, since the protection mechanism provides the user with more freedom in how they do things. We explore these properties through a number of examples.KernelSec also supports a group (role) mechanism which can define constrained groups enabling groups which only grow, only shrink, are constant, are mutually exclusive with other groups, and which allow inheritance. Moreover groups are used to regulate group membership and allow group administration by non-privileged users.