Operating System Protection for Fine-Grained Programs
Trent Jaeger, Jochen Liedtke, and Nayeem Islam, IBM T.J. Watson Research Center
We present an operating system-level security model for controlling
fine-grained programs, such as downloaded executable content, and
compare this security model's implementation to that of language-based
security models. Language-based security has well-known limitations,
such as the lack of complete mediation (e.g., for compiled programs or
race condition attacks) and faulty self-protection (effective security
is unproven). Operating system-level models are capable of complete
mediation and self-protection, but some researchers argue that
operating system-level security models are unlikely to supplant such
language-based models because they lack portability and performance.
In this paper, we detail an operating system-level security model
built on the Lava Nucleus, a minimal, fast μ-kernel operating
system. We show how it can enforce security requirements for
fine-grained programs and show that its performance overhead (with the
additional security) can be virtually negligible when compared to
language-based models. Given the sufficient performance and security,
the portability issue should become moot because other vendors will
have to meet the higher security and performance expectations of their
customers.
author = {Trent Jaeger and Jochen Liedtke and Nayeem Islam},
title = {Operating System Protection for {Fine-Grained} Programs},
booktitle = {7th USENIX Security Symposium (USENIX Security 98)},
year = {1998},
address = {San Antonio, TX},
url = {https://www.usenix.org/conference/7th-usenix-security-symposium/operating-system-protection-fine-grained-programs},
publisher = {USENIX Association},
month = jan
}