Towards trusted systems from the ground up

Authors:
Vivek Haldar;Michael Franz
Affiliations:
University of California, Irvine, CA;University of California, Irvine, CA
Venue:
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Year:
2002

Citing 16
Cited 0

Efficient software-based fault isolation

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
The Oberon System family

Software—Practice & Experience
Exokernel: an operating system architecture for application-level resource management

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Dealing with disaster: surviving misbehaved kernel extensions

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Flux OSKit: a substrate for kernel and language research

Proceedings of the sixteenth ACM symposium on Operating systems principles
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language

ACM Transactions on Programming Languages and Systems (TOPLAS)
A high-performance network intrusion detection system

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Enforcing high-level protocols in low-level software

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Types and programming languages

Types and programming languages
Java Virtual Machine Specification

Java Virtual Machine Specification
Beyond Address Spaces -Flexibility, Performance, Protection, and Resource Management in the Type-Safe JX Operating System

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Checking system rules using system-specific, programmer-written compiler extensions

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4

Quantified Score

Hi-index	0.00

Visualization

Abstract

Operating systems, the most fundamental software layer in virtually every computer system, are notoriously insecure and unreliable. A possible reason for this situation is that progress on language-based safety and security mechanisms has largely been ignored in the context of operating systems. There is a lack of mechanical checking of safety properties (both at compile- and run-time) as well as a framework and a mechanism for expressing, safely transporting and enforcing such properties. Our solution is to leverage language-based mechanisms by reversing the traditional relationship of operating systems and programming languages --- implement operating system functionality on top of a provably safe and secure language and its runtime environment instead of the other way round. We propose to leverage these mechanisms, many of which have been developed in the context of mobile code infrastructures, to build secure systems from the ground up. Such a system would be more secure, flexible and scalable compared to existing systems.