Improving IPC by kernel design
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Support for the file system security requirements of computational E-mail systems
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Support for discretionary role based access control in ACL-oriented operating systems
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A role-based access control model for protection domain derivation and management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
A Flexible Security System for Using Internet Content
IEEE Software
EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail
Proceedings of the IFIP TC6/WG6.5 International Conference on Upper Layer Protocols, Architectures and Applications
ACM SIGOPS Operating Systems Review
New security architectural directions for Java
COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Secure Applications Need Flexible Operating Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Security for Extensible Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
NAMING AND PROTECTION IN EXTENDABLE OPERATING SYSTEMS
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
Nested Java processes: OS structure for mobile code
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Security architecture for component-based operating systems
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Access control in configurable systems
Secure Internet programming
LISA '98 Proceedings of the 12th USENIX conference on System administration
The KaffeOS Java runtime system
ACM Transactions on Programming Languages and Systems (TOPLAS)
Processes in KaffeOS: isolation, resource management, and sharing in Java
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
The Flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
High-performance caching with the Lava hit-server
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Identifying native applications with high assurance
Proceedings of the second ACM conference on Data and Application Security and Privacy
We present an operating system-level security model for controlling fine-grained programs, such as downloaded executable content, and compare this security model's implementation to that of language-based security models. Language-based security has well-known limitations, such as the lack of complete mediation (e.g., for compiled programs or race condition attacks) and faulty self-protection (effective security is unproven). Operating system-level models are capable of complete mediation and self-protection, but some researchers argue that operating system-level security models are unlikely to supplant such language-based models because they lack portability and performance. In this paper, we detail an operating system-level security model built on the Lava Nucleus, a minimal, fast µ-kernel operating system. We show how it can enforce security requirements for fine-grained programs and show that its performance overhead (with the additional security) can be virtually negligible when compared to language-based models. Given the sufficient performance and security, the portability issue should become moot because other vendors will have to meet the higher security and performance expectations of their customers.