usenix conference policies
Design of the EROS Trusted Window System
Window systems are the primary mediator of user input and output in modern computing systems. They are also a commonly used interprocess communication mechanism. As a result, they play a key role in the enforcement of security policies and the protection of sensitive information. A user typing a password or passphrase must be assured that it is disclosed exclusively to the intended program. In highly secure systems, global policies concerning information flow restrictions must be honored. Most window systems today, including X11 and Microsoft Windows, have carried forward the presumptive trust assumptions of the Xerox Alto from which they were conceptually derived. These assumptions are inappropriate for modern computing environments.
In this paper, we present the design of a new trusted window system for the EROS capability-based operating system. The EROS Window System (EWS) provides robust traceability of user volition and is capable (with extension) of enforcing mandatory access controls. The entire implementation of EWS is less than 4,500 lines, which is a factor of ten smaller than previous trusted window systems such as Trusted X, and well within the range of what can feasibly be evaluated for high assurance.
author = {Jonathan S. Shapiro and John Vanderburgh and Eric Northup and David Chizmadia},
title = {Design of the {EROS} Trusted Window System},
booktitle = {13th USENIX Security Symposium (USENIX Security 04)},
year = {2004},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/13th-usenix-security-symposium/design-eros-trusted-window-system},
publisher = {USENIX Association},
month = aug
}
connect with us