SASI enforcement of security policies

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

SASI enforcement of security policies: a retrospective

Full text

Pdf (862 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 1999 workshop on New security paradigms table of contents

Caledon Hills, Ontario, Canada

Pages: 87 - 95

Year of Publication: 1999

ISBN:1-58113-149-6

Authors

Úlfar Erlingsson	Department of Computer Science, Cornell University, Ithaca, New York
Fred B. Schneider	Department of Computer Science, Cornell University, Ithaca, New York

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 69, Citation Count: 48

Additional Information:

references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/335169.335201 What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	B. N. Bershad , S. Savage , P. Pardyak , E. G. Sirer , M. E. Fiuczynski , D. Becker , C. Chambers , S. Eggers, Extensibility safety and performance in the SPIN operating system, Proceedings of the fifteenth ACM symposium on Operating systems principles, p.267-283, December 03-06, 1995, Copper Mountain, Colorado, United States
	2	P. Deutsch and C.A. Grant. A flexible measurement tool for software systems. In Information Processing (Proc. of the iFiP Congress), pages 320-326, 1971.
	3	Guy Edjlali , Anurag Acharya , Vipin Chaudhary, History-based access control for mobile code, Proceedings of the 5th ACM conference on Computer and communications security, p.38-48, November 02-05, 1998, San Francisco, California, United States [doi>10.1145/288090.288102]
	4	D. Evans and A. Twyman. Policy-directed code safety. In Proc. IEEE Symposium on Security and Privacy, May 1999.
	5	Robert Grimm , Brian N. Bershad, Providing policy-neutral and transparent access control in extensible systems, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	6	Neil D. Jones , Carsten K. Gomard , Peter Sestoft, Partial evaluation and automatic program generation, Prentice-Hall, Inc., Upper Saddle River, NJ, 1993
	7	Dexter Kozen, Efficient Code Certification, Cornell University, Ithaca, NY, 1998
	8	Greg Morrisett , David Walker , Karl Crary , Neal Glew, From system F to typed assembly language, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.85-97, January 19-21, 1998, San Diego, California, United States [doi>10.1145/268946.268954]
	9	George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France [doi>10.1145/263699.263712]
	10	R. Pandey and B. Hashii. Providing fine grained access control for mobile programs through binary editing. Technical Report TR98 08, University of California, Davis, August 1998.
	11	Fred B. Schneider, Enforceable Security Policies, Cornell University, Ithaca, NY, 1998
	12	C. Small. A tool for constructing safe extensible C++ systems. In Proc. 3rd Conference on Object-Oriented Technologies and Systems, June 1997.
	13	C. Small and M. Seltzer. A comparison of OS extension technologies. In Proc. 1996 USENIX Technical Conference, pages 41-54, January 1996.
	14	Robert Wahbe , Steven Lucco , Thomas E. Anderson , Susan L. Graham, Efficient software-based fault isolation, ACM SIGOPS Operating Systems Review, v.27 n.5, p.203-216, Dec. 1993

CITED BY 49

	Kevin W. Hamlen , Greg Morrisett , Fred B. Schneider, Computability classes for enforcement mechanisms, ACM Transactions on Programming Languages and Systems (TOPLAS), v.28 n.1, p.175-205, January 2006
	Koji Inoue, Energy-security tradeoff in a secure cache architecture against buffer overflow attacks, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005
	V. N. Venkatakrishnan , Ram Peri , R. Sekar, Empowering mobile code using expressive security policies, Proceedings of the 2002 workshop on New security paradigms, September 23-26, 2002, Virginia Beach, Virginia
	Yliès Falcone , Jean-Claude Fernandez , Laurent Mounier, Enforcement monitoring wrt. the safety-progress classification of properties, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
	Thomas Colcombet , Pascal Fradet, Enforcing trace properties by program transformation, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.54-66, January 19-21, 2000, Boston, MA, USA
	Dachuan Yu , Ajay Chander , Nayeem Islam , Igor Serikov, JavaScript instrumentation for browser security, ACM SIGPLAN Notices, v.42 n.1, January 2007
	Arie Orlovsky , Danny Raz, Decentralized enforcement of security policies for distributed computational systems, Proceedings of the 2007 ACM symposium on Applied computing, March 11-15, 2007, Seoul, Korea
	Irem Aktug , Katsiaryna Naliuka, ConSpec -- A Formal Language for Policy Specification, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.45-58, February, 2008
	Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000
	Douglas R. Smith, Requirement enforcement by transformation automata, Proceedings of the 6th workshop on Foundations of aspect-oriented languages, p.5-14, March 13-13, 2007, Vancouver, British Columbia, Canada
	F. Y. Huang , C. B. Jay , D. B. Skillicorn, Adaptiveness in well-typed Java bytecode verification, Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research, October 16-19, 2006, Toronto, Ontario, Canada
	Daniele Gorla , Rosario Pugliese, Controlling data movement in global computing applications, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
	Dries Vanoverberghe , Frank Piessens, Security enforcement aware software development, Information and Software Technology, v.51 n.7, p.1172-1185, July, 2009
	Vir V. Phoha , Amit U. Nadgar , Asok Ray , Shashi Phoha, Supervisory Control of Software Systems, IEEE Transactions on Computers, v.53 n.9, p.1187-1199, September 2004
	François Pottier , Christian Skalka , Scott Smith, A systematic approach to static access control, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.2, p.344-382, March 2005
	Gary McGraw , Greg Morrisett, Attacking Malicious Code: A Report to the Infosec Research Council, IEEE Software, v.17 n.5, p.33-41, September 2000
	Yougang Song , Brett D. Fleisch, Utilizing Binary Rewriting for Improving End-Host Security, IEEE Transactions on Parallel and Distributed Systems, v.18 n.12, p.1687-1699, December 2007
	Ajay Chander , David Espinosa , Nayeem Islam , Peter Lee , George C. Necula, Enforcing resource bounds via static verification of dynamic checks, ACM Transactions on Programming Languages and Systems (TOPLAS), v.29 n.5, p.28-es, August 2007
	Patrick Cousot , Radhia Cousot, Systematic design of program transformation frameworks by abstract interpretation, ACM SIGPLAN Notices, v.37 n.1, p.178-190, Jan. 2002
	Stephen McCamant , Greg Morrisett, Evaluating SFI for a CISC architecture, Proceedings of the 15th conference on USENIX Security Symposium, p.15-15, July 31-August 04, 2006, Vancouver, B.C., Canada
	Frédéric Besson , Thomas de Grenier de Latour , Thomas Jensen, Secure calling contexts for stack inspection, Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.76-87, October 06-08, 2002, Pittsburgh, PA, USA
	Rocco De Nicola , Daniele Gorla , Rosario Pugliese, Confining data and processes in global computing applications, Science of Computer Programming, v.63 n.1, p.57-87, November 2006
	Kevin W. Hamlen , Micah Jones, Aspect-oriented in-lined reference monitors, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
	Charles Reis , John Dunagan , Helen J. Wang , Opher Dubrovsky , Saher Esmeir, BrowserShield: vulnerability-driven filtering of dynamic HTML, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Chamseddine Talhi , Nadia Tawbi , Mourad Debbabi, Execution monitoring enforcement for limited-memory systems, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
	Nick L. Petroni, Jr. , Michael Hicks, Automated detection of persistent kernel control-flow attacks, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Anderson Santana de Oliveira , Eric Ke Wang , Claude Kirchner , Helene Kirchner, Weaving rewrite-based access control policies, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.71-80, November 02-02, 2007, Fairfax, Virginia, USA
	Kevin W. Hamlen , Greg Morrisett , Fred B. Schneider, Certified In-lined Reference Monitoring on .NET, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
	Charles Reis , John Dunagan , Helen J. Wang , Opher Dubrovsky , Saher Esmeir, BrowserShield: Vulnerability-driven filtering of dynamic HTML, ACM Transactions on the Web (TWEB), v.1 n.3, p.11-es, September 2007
	R. Sekar , V.N. Venkatakrishnan , Samik Basu , Sandeep Bhatkar , Daniel C. DuVarney, Model-carrying code: a practical approach for safe execution of untrusted applications, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Emin Gün Sirer , Ke Wang, An access control language for web services, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Daniel S. Dantas , David Walker , Geoffrey Washburn , Stephanie Weirich, Poly_AML: a polymorphic aspect-oriented functional programming language, ACM SIGPLAN Notices, v.40 n.9, September 2005
	Daniel C. DuVarney , V. N. Venkatakrishnan , Sandeep Bhatkar, SELF: a transparent security extension for ELF binaries, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland
	Peter Thiemann, Program specialization for execution monitoring, Journal of Functional Programming, v.13 n.3, p.573-600, May 2003
	Anindya Banerjee , David A. Naumann, Stack-based access control and secure information flow, Journal of Functional Programming, v.15 n.2, p.131-177, March 2005
	Úlfar Erlingsson , Martín Abadi , Michael Vrable , Mihai Budiu , George C. Necula, XFI: software guards for system address spaces, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Christian Skalka , Scott Smith , David Van horn, Types and trace effects of higher order programs, Journal of Functional Programming, v.18 n.2, p.179-249, March 2008
	Martín Abadi , Mihai Budiu , Úlfar Erlingsson , Jay Ligatti, Control-flow integrity, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Arnar Birgisson , Mohan Dhawan , Úlfar Erlingsson , Vinod Ganapathy , Liviu Iftode, Enforcing authorization policies using transactional memory introspection, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Daniel S. Dantas , David Walker , Geoffrey Washburn , Stephanie Weirich, AspectML: A polymorphic aspect-oriented functional programming language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.30 n.3, p.1-60, May 2008
	Jay Ligatti , Lujo Bauer , David Walker, Run-Time Enforcement of Nonsafety Policies, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-41, January 2009
	Robert Grimm , Brian N. Bershad, Separating access control policy, enforcement, and functionality in extensible systems, ACM Transactions on Computer Systems (TOCS), v.19 n.1, p.36-70, Feb. 2001
	Frédéric Besson , Thomas De Grenier DeLatour , Thomas Jensen, Interfaces for stack inspection, Journal of Functional Programming, v.15 n.2, p.179-217, March 2005
	Algis Rudys , Dan S. Wallach, Termination in language-based systems, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.138-168, May 2002
	Vivek Haldar , Michael Franz, Towards trusted systems from the ground up, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Florian Kerschbaum , Eugene H. Spafford , Diego Zamboni, Using internal sensors and embedded detectors for intrusion detection, Journal of Computer Security, v.10 n.1-2, p.23-70, 2002
	Yolanta Beres , Chris I. Dalton, Dynamic label binding at run-time, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland
	David Walker, A type system for expressive security policies, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.254-267, January 19-21, 2000, Boston, MA, USA
	Fei Yan , Philip W. L. Fong, Efficient IRM enforcement of history-based access control policies, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia