THINK: a secure distributed systems architecture

Authors:
Christophe Rippert;Jean-Bernard Stefani
Affiliations:
SARDES project, CNRS-INPG-INRIA-UJF;SARDES project, CNRS-INPG-INRIA-UJF
Venue:
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Year:
2002

Citing 11
Cited 0

Lightweight remote procedure call

ACM Transactions on Computer Systems (TOCS)
Efficient software-based fault isolation

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Exokernel: an operating system architecture for application-level resource management

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Dynamic binding for an extensible system

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
The Flux OSKit: a substrate for kernel and language research

Proceedings of the sixteenth ACM symposium on Operating systems principles
Resource containers: a new facility for resource management in server systems

OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Defending against denial of service attacks in Scout

OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Developing and using a “policy neutral” access control policy

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Think: A Software Framework for Component-based Operating System Kernels

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Resisting SYN flood DoS attacks with a SYN cache

BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Processes in KaffeOS: isolation, resource management, and sharing in java

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present THINK, our distributed systems architecture, and the research we have conducted to provide the system programmer with an architecture he can use to build efficient and secure operating systems. By specifying and implementing elementary tools that can be used by the system programmer to implement a chosen security policy, we prove that flexibility can be guaranteed in an operating system without compromising security. Our work focuses on protection against denial of service attacks which compromise the system fairness in resource multiplexing and can cause the system to stall due to resource starvation.