Michael D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. thesis, MIT, 1972.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....and answer the programmer s questions about dependencies between modules. 14 There are many theses and papers related to the ideal solution presented in chapter 2, which is basically a domain architecture. Dennis 64] and [Dennis and Van Horn 65] describe spheres of protection. Schroeder 72] describes the hardware that could support mutually suspicious domains. IRedell 74] discusses type extension and revokable capabilities. jones 73] describes capabilties in a very formal sense. The concepts of command and control environments are discussed in this thesis, The General Electric ....

....object. Thus, the implementation is faced with the management amd storage of all these objects that exist as independent entities. 7) During execution, domain changing with every procedure call would undoubtedly be expensive because dynamic capabilities would have to be . stacked and maintained [Schroeder 72] Excessive paging overhead due.to a new capability list and environment components would also decrease efficiency. As pointed out earlier in the Multics example, excessive paging overhead is in fact what led to some of the problems being attacked in this thesis, Returning to the original state ....

Schroeder, M.D. "Cooperation of Mutually Suspicious Subsystems in a Computer Utility", M.I.T. Laboratory for Computer Science Technical Report 104, Cambridge, Mass., September, 1972.

....They appear to be trying to avoid having any service layer at all. Java [GJS96] and ML [MTH90, Ler] and the MMM [Lou96] project) provide security through language mechanisms. More recent versions of Java provide protection domains [GS98] Protection domains were first introduced in Multics [Sch72, Sch75, MSS77, Sal74] These solutions are not applicable to programs written in other languages (as may be the case with a heterogeneous active network with multiple execution environments) and are better suited for the applet model of execution than active networks. The need for a separate ....

M. D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. PhD thesis, MIT, September 1972.

....containing the trusted code. New rules can be considered in the future. 3 Summary In this paper we have outlined, at a fairly abstract level, the Java security architecture. We have chosen to describe in some detail the design of the cryptographic library and the concept of protection domain [9, 3, 10], but have had no room to elaborate on other topics such as password protected authentication protocols [1] access control and delegation [5, 7, 4] and secure remote method invocation. We expect to report our design and implementation experiences in future papers. Acknowledgments Ideas from ....

M.D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA 02139, September 1972.

....6 Related Work The fundamental ideas adopted in the new JDK1.2 security architecture have roots in the last 40 years of computer security research. Significantly, our design has been inspired by the concept of protection domains and the work dealing with mutually suspicious programs in Multics [10, 8], and right amplification in Hydra [6, 12] One feature that is not present in operating systems such as Unix or MS DOS, is that we implement the least privilege principle by automatically intersecting the sets of permissions granted to protection domains that are involved in a call sequence. This ....

M.D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA 02139, September 1972.

.... access control list [10] We followed some of the Unix conventions in specifying access permissions to the file system and other system resources, but significantly, our design has been inspired by the concept of protection domains and the work dealing with mutually suspicious programs in Multics [17, 15], and right amplification in Hydra [9, 20] One novel feature, which is not present in operating systems such as Unix or MS DOS, is that we implement the least privilege principle by automatically intersecting the sets of permissions granted to protection domains that are involved in a call ....

M.D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA 02139, September 1972.

No context found.

Michael D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. thesis, MIT, 1972.

No context found.

Michael D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. thesis, Massachusetts Institute of Technology, September 1972.

No context found.

M.D. Schroeder. Cooperation of mutually suspicious subsystems in a computer utility. Technical report, Ph.D. Thesis, M.I.T., Cambridge, Massachusetts, September 1972.

No context found.

M.D. Schroeder, Cooperation of Mutually Suspicious Subsystems in a Computer Utility, doctoral dissertation, Dept. Electrical Eng., Massachusetts Institute of Technology,

No context found.

M.D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA 02139, September 1972.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC