| ||||||||||||||||||||||||||||||||||||||||||||||||||||
7th USENIX Security Symposium, 1998
[Technical Program]
   Next: Introduction Up: Operating System Protection for
Operating System Protection for Fine-Grained Programs
December 9, 1997
Abstract:We present an operating system-level security model for controlling
fine-grained programs, such as downloaded executable content, and
compare this security model's implementation to that of language-based
security models. Language-based security has well-known limitations,
such as the lack of complete mediation (e.g., for compiled programs or
race condition attacks) and faulty self-protection (effective security
is unproven). Operating system-level models are capable of complete
mediation and self-protection, but some researchers argue that
operating system-level security models are unlikely to supplant such
language-based models because they lack portability and performance.
In this paper, we detail an operating system-level security model
built on the Lava Nucleus, a minimal, fast
Trent Jaeger Tue Dec 9 10:40:18 EST 1997 |
|
This paper was originally published in the
Proceedings of the 7th USENIX Security Symposium,
January 26-29, 1998,
San Antonio, Texas
Last changed: 12 April 2002 aw |
|
jochen 
-kernel operating
system. We show how it can enforce security requirements for
fine-grained programs and show that its performance overhead (with the
additional security) can be virtually negligible when compared to
language-based models. Given the sufficient performance and security,
the portability issue should become moot because other vendors will
have to meet the higher security and performance expectations of their
customers.
Technical Program