D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Apr. 9, 1997.
....sandboxing technique, that enables COTS systems to be extended for the specific needs of applications. In fact, our approach places no specific requirements on the underlying OS structure. As a consequence, it is possible for our technique to implement micro kernel services, interposition agents [23, 17], virtual machines [18, 33] and entire OSes in a sandboxed region above a kernel that is, say, monolithic. Our approach differs from other solutions in that it neither relies exclusively on hardware (e.g. Palladium [6]) nor software (e.g. software fault isolation [30] or Java) support. ....
....services. We believe our approach is a promising method for the safe and efficient implementation of user space application and system service extensions. It is appropriate for COTS systems, requiring minimal changes to the kernel. Experimental results show that using our approach to interpose [23, 17] code between an application and the underlying system results in lower impact on application performance than traditional methods. Likewise, our technique for implementing (and communicating between) logical protection domains in a single address space has similar performance to hardware based ....
D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, September 1997.
.... Furthermore current operating systems fail to provide support for the kind of fine grained policies that could control the execution of such components [12, 9] Recent practical work advocates interposing security code at the operating system boundary to observe and modify the data passing through [36, 15, 10, 12, 9]. Interposition techniques effectively encapsulate untrusted components in wrapper programs that have full control over the interactions between encapsulated components and the OS and over the interactions among components. The code of a wrapper can, for instance, perform access control checks, ....
Douglas P. Ghormley, Steven H. Rodrigues, David Petrou, and Thomas E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, April 9, 1997.
....in its environment, and imposes security constraints on these messages. In contrast, a seal is not able to peek and poke the internals of any of its children seals, or of any other seal. The design has been inspired by the Fluke micro kernel [14] and work on interposition in operating systems [12, 15, 16]. We have not addressed interposition of low level resources such as memory and the scheduler as this requires modifications to the virtual machine [3] Two types of agents: In JavaSeal there are two categories of agents. The leaves of the seal hierarchy, which are called complets, are ....
....achieve this level of security, rather a fundamental redesign of the JDK. Protection domains are also an operating system issue and many of the ideas here are influenced by such work. For instance, the hierarchical model is influenced by Fluke [14] and L3 [27] as well as by work on interposition [12, 15, 16]. 8 Conclusion This paper has described the JavaSeal platform. This is a secure kernel for mobile environments (envlets) and mobile objects (complets) JavaSeal is a kernel in that it offers minimal service functionality. Since services differ between sites, one should be able to build different ....
D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Apr. 9, 1997.
.... systems fail to provide support for the kind of fine grained policies that could control the execution of such components [GWTB96, FBF99] Recent practical work advocates interposing security code at the operating system boundary to observe and modify the data passing through [WBDF97, Jon99, GRPA97, GWTB96, FBF99] Interposition techniques effectively encapsulate untrusted components in wrapper programs that have full control over the interactions between encapsulated components and the OS and over the interactions among components. The code of a wrapper can, for instance, perform access ....
Douglas P. Ghormley, Steven H. Rodrigues, David Petrou, and Thomas E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, April 9, 1997.
.... systems fail to provide support for the kind of fine grained policies that could control the execution of such components [GWTB96, FBF99] Recent practical work advocates interposing security code at the operating system boundary to observe and modify the data passing through [WBDF97, Jon99, GRPA97, GWTB96, FBF99] Interposition techniques effectively encapsulate untrusted components in wrapper programs that have full control over the interactions between encapsulated components and the OS and over the interactions among components. The code of a wrapper can, for instance, perform access ....
Douglas P. Ghormley, Steven H. Rodrigues, David Petrou, and Thomas E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, April 9, 1997.
....approach would push security onto the operating system without solving any of the underlying issues. In operating systems research, the issue of defining flexible security policies is a well known problem. Several research groups have advocated interposition as a technique for enforcing security [16, 17, 18]. This technique relies on being able to intercept all requests to the operating system and interposing security checks to decide whether the request should be forwarded to the operating system. The hierarchical model of JavaSeal was designed to support arbitrary levels of transparent ....
D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Apr. 9, 1997.
....inference or static analysis of downloaded code, seems impractical given only the object code, which may not conform to any reasonable type system. Recent practical approaches for improving the flexibility of operating system security mechanisms include the interposition of code at the OS boundary [22, 14, 16] and the encapsulation of untrusted programs in wrappers which implement a given security policy [13] These are low cost none to the producer and only a small run time cost to the user. They allow more flexible interaction than sandboxing, albeit coarser grain policies than proof carrying ....
....Q, Alice must run the code in parallel with her other applications, perhaps as alice[P | Q] This grants too much privilege to Q, however. In particular, if Q = in x:net x then any terminal input may be redirected to the net. A wrapper can provide fine grain control of the behaviour of Q [13, 22, 14, 16, 35]. For example, a filtering wrapper W 1 can prevent Q from accessing the network: W 1 [ def = a) a[ in x:in a x | out a x:out x The system becomes alice[P | W 1 [Q] The untrusted code is placed in a box with a fresh name a, so a ∉ fn(Q) In parallel with the box are ....
Douglas P. Ghormley, Steven H. Rodrigues, David Petrou, and Thomas E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, April 9, 1997.
.... As we mentioned, type casting and sharing can easily violate the constraint that one domain not reference an object of another domain (name space) The hierarchical communication model has been inspired by the Fluke micro kernel [13] L3 [27] and work on interposition in operating systems [11, 14, 15]. We have not addressed interposition of low level resources such as memory and the scheduler as this requires modifications to the virtual machine [3] 8 Conclusion This paper has described the JavaSeal platform. This is a secure kernel for mobile environments (envlets) and mobile objects ....
D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Apr. 9, 1997.
....specially in her text editor. While it is not feasible to analyse or modify large third party software packages, it is possible to intercept the communications between a package and the other parts of the system, interposing code at the boundaries of the different software components [Jon99, GRPA97, FHL 96, BTS 98, GWTB96] It is thus possible to monitor or control the operations that these components are able to invoke, and the data that is exchanged between them. We call a code fragment that encapsulates untrusted components a security wrapper or wrapper for short. Clearly the ....
Douglas P. Ghormley, Steven H. Rodrigues, David Petrou, and Thomas E. Anderson. Interposition as an operating system extension mechanism. 1997.
....be notified of events, and different options for event ordering and synchronization. 7.5 Operating System Customization Recent work on new generation operating systems has emphasized similar customization goals, but in a more general context. These include Exokernel [EKO95] Scout [MP96] SLIC [GRPA97] SPIN [BSP 95] and VINO [SESS96] as well as work on subcontracts [HPM93] and application controlled file caching [CFL94] These projects attempt to increase the ability of users to configure different types of services, but for many aspects of operating system functionality rather than ....
D. Ghormley, S. Rodrigues, D. Petrou, and T. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Sept 1997.
No context found.
D. P. Ghormley, S. H. Rodrigues, D. Petrou, and T. E. Anderson. Interposition as an operating system extension mechanism. Technical Report CSD-96-920, University of California, Berkeley, Apr. 9, 1997.