Lightweight remote procedure call
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Compartmented Mode Workstation: Prototype Highlights
IEEE Transactions on Software Engineering
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
A note on the confinement problem
Communications of the ACM
IEEE Internet Computing
User Interaction Design for Secure Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Pragmatic Nonblocking Synchronization for Real-Time Systems
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Proceedings of the 11th USENIX Security Symposium
Proceedings of the 11th USENIX Security Symposium
Verifying the EROS Confinement Mechanism
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
DOpE - a Window Server for Real-Time and Embedded Systems
RTSS '03 Proceedings of the 24th IEEE International Real-Time Systems Symposium
WWW electronic commerce and java trojan horses
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Preventing the capture of sensitive information
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Chinese-wall process confinement for practical distributed coalitions
Proceedings of the 12th ACM symposium on Access control models and technologies
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
A Demonstrative Ad Hoc Attestation System
ISC '08 Proceedings of the 11th international conference on Information Security
Towards application security on untrusted operating systems
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Secure 3D graphics for virtual machines
Proceedings of the Second European Workshop on System Security
The multi-principal OS construction of the gazelle web browser
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Towards a trusted mobile desktop
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
The web interface should be radically refactored
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
Proceedings of the 2012 ACM conference on Computer and communications security
Embassies: radically refactoring the web
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Securing embedded user interfaces: Android and beyond
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Window systems are the primary mediator of user input and output in modern computing systems. They are also a commonly used interprocess communication mechanism. As a result, they play a key role in the enforcement of security policies and the protection of sensitive information. A user typing a password or passphrase must be assured that it is disclosed exclusively to the intended program. In highly secure systems, global policies concerning information flow restrictions must be honored. Most window systems today, including X11 and Microsoft Windows, have carried forward the presumptive trust assumptions of the Xerox Alto from which they were conceptually derived. These assumptions are inappropriate for modern computing environments. In this paper, we present the design of a new trusted window system for the EROS capability-based operating system. The EROS Window System (EWS) provides robust traceability of user volition and is capable (with extension) of enforcing mandatory access controls. The entire implementation of EWS is less than 4,500 lines, which is a factor of ten smaller than previous trusted window systems such as Trusted X, and well within the range of what can feasibly be evaluated for high assurance.