Make least privilege a right (not a privilege)

Authors: Maxwell N Krohn, Petros Efstathopoulos, Cliff Frey, M Frans Kaashoek, Eddie Kohler

Abstract: Though system security would benefit if programmers routinely followed the principle of least privilege [24], interfaces exposed by operating systems often stand in the way. We investigate why modern OSes thwart secure programming practices and propose solutions.

References (26)
Peter Honeyman, Niels Provos, Markus Friedl. Preventing privilege escalation. USENIX Security Symposium, pp. 16-16 (2003)
Eric A. Brewer, David Wagner, Ian Goldberg, Randi Thomas. A secure environment for untrusted helper applications: confining the Wily Hacker. USENIX Security Symposium, pp. 1-1 (1996)
Maxwell Krohn. Building secure high-performance web services with OKWS. USENIX Annual Technical Conference, pp. 15-15 (2004)
Peter A. Loscocco, Stephen D. Smalley. Meeting Critical Security Objectives with Security-Enhanced Linux (2001)
Robert N. M. Watson. TrustedBSD: Adding Trusted Operating System Features to FreeBSD. USENIX Annual Technical Conference, pp. 15-28 (2001)
M. V. Wilkes, R. M. Needham. The Cambridge CAP computer and its operating system (1979)
Niels Provos. Improving host security with system call policies. USENIX Security Symposium, pp. 18-18 (2003)
Henry M. Levy. Capability-Based Computer Systems (1984)
David Mazières. A Toolkit for User-Level File Systems. USENIX Annual Technical Conference, pp. 261-274 (2001)
William S. Frantz, Allen C. Bomberger, Ann C. Hardy, Jonathan S. Shapiro, Charles R. Landau, Norman Hardy. The KeyKOS Nanokernel Architecture. Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures, pp. 95-112 (1992)