The increasing number of software-based attacks has attracted substantial efforts to protect applications from malicious interference. For example, Trusted Computing (TC) technologies have recently been proposed to provide strong isolation on application platforms. On the other hand, today's pervasively available computing cycles and data resources have enabled various distributed applications that require collaboration among different application processes. These two conflicting trends grow in parallel. While much existing research focuses on one of these two aspects, a few authors have considered simultaneously providing strong isolation as well as collaboration convenience, particularly in the TC environment. However, none of these schemes is transparent. That is, they require modifications either of legacy applications or of the underlying Operating System (OS).

In this paper, we propose the SecureBus (SB) architecture, which aims to provide strong isolation together with flexible, controlled information flow and communication between processes at runtime. Since SB is application and OS transparent, existing applications can run without changes on commodity OSes. Furthermore, SB enables the enforcement of general access control policies, which is required but difficult to achieve for typical legacy applications. To study its feasibility and performance overhead, we have implemented a prototype system based on User-Mode Linux. Our experimental results show that SB can effectively achieve its design goals.