Operating systems must be flexible in their support for security policies, providing sufficient mechanisms for supporting the wide variety of real-world security policies. Such flexibility requires controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights. Previous systems are lacking in at least one of these areas. In this paper we present an operating system security architecture that solves these problems. Control over propagation is provided by ensuring that the security policy is consulted for every security decision. This control is achieved without significant performance degradation through the use of a security decision caching mechanism that ensures a consistent view of policy decisions. Both fine-grained access rights and revocation support are provided by mechanisms that are directly integrated into the service-providing components of the system. The architecture is described through its prototype implementation in the Flask microkernel-based operating system, and the policy flexibility of the prototype is evaluated. We present initial evidence that the architecture's impact on both performance and code complexity is modest. Moreover, our architecture is applicable to many other types of operating systems and environments.