Sotiris Ioannidis, Steven M. Bellovin, and Jonathan M. Smith. Sub-operating systems: A new approach to application security. In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, September 2002.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....[31] Instead, the Flask system assigns security identi ers to every object and employs a security server for policy decisions and an object server for policy enforcement. However, Flask does not consider application con nement and provides no support for auditing or intrusion detection. SubOS [22] takes a similar approach based on object labeling to restrict access to the system. Depending on their origin, objects are assigned sub user identi ers. A process that accesses an object inherits its sub user id and corresponding restrictions. As a result, a process subverted by a malicious ....

Sotiris Ioannidis, Steven M. Bellovin, and Jonathan M. Smith. Sub-Operating Systems: A New Approach to Application Security. In Proceedings of the SIGOPS European Workshop, September 2002.

....positive repercussions for power conservation. 6 Related Work 6.1 Operating System improvements Many projects have sought to improve the OS as a reference monitor to isolate untrusted code. Privilege subsetting defines restricted rights for untrusted code, distinct from normal user privileges [6, 12, 30]. Although this provides mechanism to isolate untrusted code, the problem of expressing appropriate policy is not specifically addressed. These proposals typically do not address layer below attacks or vulnerabilities due to global namespaces. To address file system global namespace ....

S. Ioannidis and S.M. Bellovin. Sub-operating systems: A new approach to application security. University of Pennsylvania Technical Report MS-CIS01 -06, 2001.

No context found.

S. Ioannidis, S. M. Bellovin, and J. M. Smith, "Sub-operating systems: A new approach to application security," in 10th ACM SIGOPS Eur. Workshop, Sept. 2002.

No context found.

Sotiris Ioannidis and Steven M. Bellovin. Sub-Operating Systems: A New Approach to Application Security. Technical Report MS-CIS-01-06, University of Pennsylvania, February 2000.

....can communicate with the user or a management system (e.g. using the standard library, sockets, etc. Our current system does not attempt to explore extending resource management of user processes. A number of solutions have already been proposed for extending the Unix security model, e.g. [13]. For now, user space modules run as normal Unix processes. We detail how safe execution of in kernel code is accomplished in Section 2.1. The basic approach is to use the set of credentials, C x , at compile time to verify that the module is allowed by system policy to perform the functions it ....

Sotiris Ioannidis and Steven M. Bellovin. Sub-Operating Systems: A New Approach to Application Security. Technical Report MS-CIS-01-06, University of Pennsylvania, February 2001.

....network processor board [2] For the purposes of this paper, we consider FLAME in a passive monitor set up. Our current system does not attempt to explore extending resource management of user processes. A number of solutions have already been proposed for extending the Unix security model, e.g. [15]. For now, user space modules run as normal Unix processes. We detail how safe execution of in kernel code is accomplished in Section 2.1. The basic approach is to use the set of credentials, C x , at compile time to verify that the module is allowed by system policy to perform the functions it ....

S. Ioannidis, S. M. Bellovin, and J. M. Smith. Suboperating systems: A new approach to application security. In Proceedings of the ACM SIGOPS European Workshop, September 2002.

....router interface card. For the purposes of this paper, we consider FLAME in a passive monitor set up. Our current system does not attempt to explore extending resource management of user processes. A number of solutions have already been proposed for extending the Unix security model, e.g. [14]. For now, user space modules run as normal Unix processes. We detail how safe execution of in kernel code is accomplished in Section 2.1. The basic approach is to use the set of credentials, C x , at compile time to verify that the module is allowed by system policy to perform the functions it ....

S. Ioannidis and S. M. Bellovin. Sub-Operating Systems: A New Approach to Application Security. Technical Report MS-CIS-01-06, University of Pennsylvania, Feb. 2001.

....also forbid user processes from modifying those values. We did not attempt to make the environment totally tamperproof as that would have been beyond the application oriented scope of this work. However, there has been extensive research in this field which can be easily incorporated in our system [15, 14]. 4 Experimental Study A number of experiments were performed with the implementation of our system on the test bed shown in Figure 4. The experiments aim primarily to validate our design and study system performance. Our test bed consists of 7 x86 based routers and an edge machine, all ....

Sotiris Ioannidis and Steven M. Bellovin. Sub-Operating Systems: A New Approach to Application Security. Technical Report MS-CIS-01-06, University of Pennsylvania, February 2000.

....packet headers only. The packet source and destination addresses must be anonymized. policy filter anonymizer user filter user processing module PKT system level user level Figure 3: The cycle of a packet being processed by the system and user code. be easily incorporated in our system [19, 16]. 3 Applications 3.1 Tra#c Regulation The current Internet architecture o#ers very few protection mechanisms against ill behaved tra#c. Especially in recent years there has been an increase in Distributed Denial of Service (DDoS) attacks [25, 26] as well as as flash crowd e#ects. A denial of ....

Sotiris Ioannidis and Steven M. Bellovin. Sub-Operating Systems: A New Approach to Application Security. Technical Report MS-CIS-01-06, University of Pennsylvania, February 2000.

No context found.

Sotiris Ioannidis, Steven M. Bellovin, and Jonathan M. Smith. Sub-operating systems: A new approach to application security. In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, September 2002.

No context found.

Sotiris Ioannidis, Steven M. Bellovin, and Jonathan M. Smith. Sub-Operating Systems: A New Approach to Application Security. In Proceedings of the SIGOPS European Workshop, September 2002. 2

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC