Make least privilege a right (not a privilege)

Authors:
Maxwell Krohn;Petros Efstathopoulos;Cliff Frey;Frans Kaashoek;Eddie Kohler;David Mazières;Robert Morris;Michelle Osborne;Steve VanDeBogart;David Ziegler
Affiliations:
MIT;UCLA;MIT;MIT;UCLA;NYU;MIT;NYU;UCLA;MIT
Venue:
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Year:
2005

Citing 18
Cited 12

A Retrospective on the VAX VMM Security Kernel

IEEE Transactions on Software Engineering
Toward real microkernels

Communications of the ACM
A decentralized model for information flow control

Proceedings of the sixteenth ACM symposium on Operating systems principles
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
The use of name spaces in plan 9

EW 5 Proceedings of the 5th workshop on ACM SIGOPS European workshop: Models and paradigms for distributed systems structuring
The KeyKOS Nanokernel Architecture

Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures
TrustedBSD: Adding Trusted Operating System Features to FreeBSD

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
A Toolkit for User-Level File Systems

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Anomaly intrusion detection in dynamic execution environments

Proceedings of the 2002 workshop on New security paradigms
Assuring Distributed Trusted Mach

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Scale and performance in the Denali isolation kernel

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Building secure high-performance web services with OKWS

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
REX: secure, extensible remote execution

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Preventing privilege escalation

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The flask security architecture: system support for diverse security policies

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A secure environment for untrusted helper applications confining the Wily Hacker

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Labels and event processes in the asbestos operating system

Proceedings of the twentieth ACM symposium on Operating systems principles
Dynamic trust assessment of software services

2nd international workshop on Service oriented software engineering: in conjunction with the 6th ESEC/FSE joint meeting
Labels and event processes in the Asbestos operating system

ACM Transactions on Computer Systems (TOCS)
Wedge: splitting applications into reduced-privilege compartments

NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Reusability of Functionality-Based Application Confinement Policy Abstractions

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Nemesis: preventing authentication & access control vulnerabilities in web applications

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Johnny can drag and drop: determining user intent through traditional interactions to improve desktop security

Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
Making Linux protection mechanisms egalitarian with UserFS

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Making information flow explicit in HiStar

Communications of the ACM
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
An evaluation of the Google Chrome extension security architecture

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Enforcing user-space privilege separation with declarative architectures

Proceedings of the seventh ACM workshop on Scalable trusted computing

Quantified Score

Hi-index	0.02

Visualization

Abstract

Though system security would benefit if programmers routinely followed the principle of least privilege [24], the interfaces exposed by operating systems often stand in the way. We investigate why modern OSes thwart secure programming practices and propose solutions.