Authorizing applications in singularity

Authors:
Ted Wobber;Aydan Yumerefendi;Martín Abadi;Andrew Birrell;Daniel R. Simon
Affiliations:
Microsoft Research, Silicon Valley;Duke University;Microsoft Research, Silicon Valley;Microsoft Research, Silicon Valley;Microsoft Research, Redmond
Venue:
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Year:
2007

Citing 18
Cited 7

Designing a global name service

PODC '86 Proceedings of the fifth annual ACM symposium on Principles of distributed computing
Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication in the Taos operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
SAFKASI: a security mechanism for language-based systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
Programming Windows Security

Programming Windows Security
Essential .NET: The Common Language Runtime

Essential .NET: The Common Language Runtime
Improving the granularity of access control for Windows 2000

ACM Transactions on Information and System Security (TISSEC)
Protection

ACM SIGOPS Operating Systems Review
A Trusted Open Platform

Computer
Decentralized user authentication in a global file system

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Distributed Proving in Access-Control Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
BIND: A Fine-Grained Attestation Service for Secure Distributed Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Nexus: a new operating system for trustworthy computing

Proceedings of the twentieth ACM symposium on Operating systems principles
Deconstructing process isolation

Proceedings of the 2006 workshop on Memory system performance and correctness
Language support for fast and reliable message-based communication in singularity OS

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Access control in a world of software diversity

HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Sealing OS processes to improve dependability and safety

Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007

Singularity: rethinking the software stack

ACM SIGOPS Operating Systems Review - Systems work at Microsoft Research
Sealing OS processes to improve dependability and safety

Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Heat-ray: combating identity snowball attacks using machinelearning, combinatorial optimization and attack graphs

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Access control based on code identity for open distributed systems

TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Convergence of desktop and web applications on a multi-service OS

HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Identifying native applications with high assurance

Proceedings of the second ACM conference on Data and Application Security and Privacy
Content-based isolation: rethinking isolation policy design on client systems

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation of our design and its performance in the context of this operating system.