摘要: In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dyneimically downloaded modules may not be entirely trusted, the system must able to restrict their access rights. Current assign permissions based on executor, provider, and/or name. such serve specific purposes in programs (i.e., services or applications), it should possible rights program for which they used current state of that program. this paper, we examine control infrastructure required support composition Access consists primarily two functions: policy specification enforcement policy. We survey representations mechanisms show flexibility provide limits. then how Lava Security Architecture is designed flexible enforcement.
springer.com
elsevier.com
sci-hub.st 参考文章(50)
Spencer E. Minear, Providing policy control over object operations in a mach based system usenix security symposium. pp. 13- 13 ,(1995)
James P. Anderson, Computer Security Technology Planning Study ,(1972)
Naftaly H. Minsky, Victoria Ungureanu, Unified support for heterogeneous security policies in distributed systems usenix security symposium. pp. 10- 10 ,(1998)
Roland Schemers, Marianne Mueller, Li Gong, Hemma Prafullchandra, Going beyond the sandbox: an overview of the new security architecture in the java TM development Kit 1.2 usenix symposium on internet technologies and systems. pp. 10- 10 ,(1997)
Aviel D. Rubin, Trent Jaeger, Atul Prakash, Building systems that flexibly control downloaded executable context usenix security symposium. pp. 14- 14 ,(1996)
M. V. Wilkes, R. M. Needham, The Cambridge CAP computer and its operating system ,(1979)
Jochen Liedtke, Trent Jaeger, Nayeem Islam, Operating system protection for fine-grained programs usenix security symposium. pp. 11- 11 ,(1998)
Günter Karjoth, Authorization in CORBA Security european symposium on research in computer security. pp. 143- 158 ,(1998) , 10.1007/BFB0055861
Rob Pike, Sean Dorward, Phil Winterbottom, Dave Presotto, Dennis Ritchie, Howard Trickey, None, Inferno: la commedia interattiva usenix annual technical conference. pp. 26- 26 ,(1997)
T. Jaeger, K. Elphinstone, J. Liedtke, V. Panteleenko, Y. Park, Flexible access control using IPC redirection Proceedings of the Seventh Workshop on Hot Topics in Operating Systems. pp. 191- 196 ,(1999) , 10.1109/HOTOS.1999.798399