Labels and event processes in the Asbestos operating system
作者: Steve Vandebogart , Petros Efstathopoulos , Eddie Kohler , Maxwell Krohn , Cliff Frey
关键词:
摘要: Asbestos, a new operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express wide range policies with Asbestos's kernel-enforced labels, including controls on interprocess communication system-wide information flow. A event process abstraction defines lightweight, isolated contexts within single process, allowing one to act behalf multiple users while preventing it from leaking any user's data others. Web server demonstration application uses these primitives isolate private user data. Since untrusted workers respond client requests are constrained by exploited cannot directly expose except as allowed policy. The requires 1.4 memory pages per for up 145,000 achieves connection rates similar Apache, demonstrating additional security come at an acceptable cost.
acm.org
core.ac.uk
sci-hub.se 参考文章(41)
Maxwell Krohn, Building secure high-performance web services with OKWS usenix annual technical conference. pp. 15- 15 ,(2004)
Robert Watson, Wayne Morrison, Chris Vance, Brian Feldman, None, The TrustedBSD MAC Framework: Extensible Kernel Access Control for FreeBSD 5.0. usenix annual technical conference. pp. 285- 296 ,(2003)
Terry Mayfield, John M. Boone, Stephen R. Welke, INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD National Computer Security Center (U.S.). ,(1991) , 10.21236/ADA253989
Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) fast software encryption. pp. 191- 204 ,(1993) , 10.1007/3-540-58108-1_24
Maxwell N Krohn, Petros Efstathopoulos, Cliff Frey, M Frans Kaashoek, Eddie Kohler, David Mazieres, Robert Tappan Morris, Michelle Osborne, Steve VanDeBogart, David Ziegler, None, Make least privilege a right (not a privilege) hot topics in operating systems. pp. 21- 21 ,(2005)
M. D. McIlroy, J. A. Reeds, Multilevel security in the UNIX tradition Software - Practice and Experience. ,vol. 22, pp. 673- 694 ,(1992) , 10.1002/SPE.4380220805
R.T. Fielding, G. Kaiser, The Apache HTTP Server Project IEEE Internet Computing. ,vol. 1, pp. 88- 90 ,(1997) , 10.1109/4236.612229
D. Elliott Bell, Leonard J. La Padula, Secure Computer System: Unified Exposition and Multics Interpretation Defense Technical Information Center. ,(1976) , 10.21236/ADA023588
J. Liedtke, On micro-kernel construction symposium on operating systems principles. ,vol. 29, pp. 237- 250 ,(1995) , 10.1145/224056.224075
Viktors Berstis, Security and protection of data in the IBM System/38 Proceedings of the 7th annual symposium on Computer Architecture - ISCA '80. pp. 245- 252 ,(1980) , 10.1145/800053.801932