A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
Preserving and using context information in interprocess communication
ACM Transactions on Computer Systems (TOCS)
Assuring Distributed Trusted Mach
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Separating access control policy, enforcement, and functionality in extensible systems
ACM Transactions on Computer Systems (TOCS)
Providing policy-neutral and transparent access control in extensible systems
Secure Internet programming
Remus: a security-enhanced operating system
ACM Transactions on Information and System Security (TISSEC)
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
A comparison between ConSA and current Linux security implementations
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Stateful distributed interposition
ACM Transactions on Computer Systems (TOCS)
Towards a formal model for security policies specification and validation in the selinux system
Proceedings of the ninth ACM symposium on Access control models and technologies
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
Application security support in the operating system kernel
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Trusted path execution for the linux 2.6 kernel as a linux security module
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Modular construction of DTE policies
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Enhancements to the linux kernel for blocking buffer overflow based attack
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Domain and type enforcement for linux
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
Expanding Malware Defense by Securing Software Installations
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Causeway: support for controlling and analyzing the execution of multi-tier applications
Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware
Flexible and efficient sandboxing based on fine-grained protection domains
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Enforcement of integrated security policy in trusted operating systems
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
An OS security protection model for defeating attacks from network
ICISS'07 Proceedings of the 3rd international conference on Information systems security
A compositional multiple policies operating system security model
WISA'07 Proceedings of the 8th international conference on Information security applications
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
Causeway: support for controlling and analyzing the execution of multi-tier applications
Middleware'05 Proceedings of the ACM/IFIP/USENIX 6th international conference on Middleware
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Mandatory access control with a multi-level reference monitor: PIGA-cluster
Proceedings of the first workshop on Changing landscapes in HPC security
| Hi-index | 0.00 |
UNIX system security today often relies on correct operation of numerous privileged subsystems and careful attention by expert system administrators. In the context of global and possibly hostile networks, these traditional UNIX weaknesses raise a legitimate question about whether UNIX systems are appropriate platforms for processing and safeguarding important information resources. Domain and Type Enforcement (DTE) is an access control technology for partitioning host operating systems such as UNIX into access control domains. Such partitioning has promise both to enforce organizational security policies that protect special classes of information and to generically strengthen operating systems against penetration attacks. This paper reviews the primary DTE concepts, discusses their application to IP networks and NFS, and then describes the design and implementation of a DTE UNIX prototype system.