ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Labels and event processes in the asbestos operating system
Full text PdfPdf (259 KB)
Source ACM Symposium on Operating Systems Principles archive
Proceedings of the twentieth ACM symposium on Operating systems principles table of contents
Brighton, United Kingdom
SESSION: Integrity and isolation table of contents
Pages: 17 - 30  
Year of Publication: 2005
ISBN:1-59593-079-5
Also published in ...
Authors
Petros Efstathopoulos  UCLA
Maxwell Krohn  MIT
Steve VanDeBogart  UCLA
Cliff Frey  MIT
David Ziegler  MIT
Eddie Kohler  UCLA
David Mazières  Stanford/NYU
Frans Kaashoek  MIT
Robert Morris  MIT
Sponsors
ACM: Association for Computing Machinery
SIGOPS: ACM Special Interest Group on Operating Systems
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 129,   Citation Count: 25
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1095810.1095813
What is a DOI?

ABSTRACT

Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and system-wide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user's data to any other user. A Web server that uses Asbestos labels to isolate user data requires about 1.5 memory pages per user, demonstrating that additional security can come at an acceptable cost.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Apache API notes. http://httpd.apache.org/docs/1.3/misc/API.html.
 
2
Apache HTTP server project. http://httpd.apache.org.
 
3
David E. Bell and Leonard La Padula. Secure computer system: Unified exposition and Multics interpretation. Technical Report MTR-2997, Rev. 1, MITRE Corp., Bedford, MA, March 1976.
4
Viktors Berstis, Security and protection of data in the IBM System/38, Proceedings of the 7th annual symposium on Computer Architecture, p.245-252, May 06-08, 1980, La Baule, United States  [doi>10.1145/800053.801932]
 
5
M. Branstad, Homayoon Tajalli, Frank Mayer, and David Dalva. Access mediation in a message passing kernel. In Proc. 1989 IEEE Symposium on Security and Privacy, pp. 66--72, Oakland, CA, May 1989.
6
David Cheriton, The V distributed system, Communications of the ACM, v.31 n.3, p.314-333, March 1988  [doi>10.1145/42392.42400]
7
Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976  [doi>10.1145/360051.360056]
8
Dorothy E. Denning , Peter J. Denning, Certification of programs for secure information flow, Communications of the ACM, v.20 n.7, p.504-513, July 1977  [doi>10.1145/359636.359712]
 
9
Department of Defense. Trusted Computer System Evaluation Criteria (Orange Book), December 1985. DoD 5200.28-STD.
 
10
Timothy Fraser, LOMAC: Low Water-Mark Integrity Protection for COTS Environments, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.230, May 14-17, 2000
 
11
R. P. Goldberg. Architecture of virtual machines. In Proc. AFIPS National Computer Conference, Vol. 42, pp. 309--318, June 1973.
12
Norman Hardy , Norm Hardy, The Confused Deputy: (or why capabilities might have been invented), ACM SIGOPS Operating Systems Review, v.22 n.4, p.36-38, Oct. 1988
 
13
Wei-Ming Hu. Reducing timing channels with fuzzy time. In Proc. 1991 IEEE Symposium on Security and Privacy, pp. 8--20, Oakland, CA, May 1991.
14
Trent Jaeger , Atul Prakash , Jochen Liedtke , Nayeem Islam, Flexible control of downloaded executable content, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.177-228, May 1999  [doi>10.1145/317087.317091]
 
15
Paul A. Karger. Limiting the damage potential of discretionary Trojan horses. In Proc. 1987 IEEE Symposium on Security and Privacy, pp. 32--37, Oakland, CA, April 1987.
 
16
Paul A. Karger and Andrew J. Herbert. An augmented capability architecture to support lattice security and traceability of access. In Proc. 1984 IEEE Symposium on Security and Privacy, pp. 2--12, Oakland, CA, April 1984.
 
17
Paul A. Karger, Mary Ellen Zurko, Douglas W. Bonin, Andrew H. Mason, and Clifford E. Kahn. A VMM security kernel for the VAX architecture. In Proc. 1990 IEEE Symposium on Security and Privacy, pp. 2--19, Oakland, CA, May 1990.
 
18
Key Logic. The KeyKOS/KeySAFE System Design, March 1989. SEC009-01. http://www.agorics.com/Library/KeyKos/keysafe/Keysafe.html.
 
19
Samuel T. King and Peter M. Chen. Operating system support for virtual machines. In Proc. 2003 USENIX Annual Technical Conference, San Antonio, TX, June 2003.
 
20
Maxwell Krohn. Building secure high-performance web services with OKWS. In Proc. 2004 USENIX Annual Technical Conference, pp. 185--198, Boston, MA, June 2004.
 
21
Maxwell Krohn, Petros Efstathopoulos, Cliff Frey, Frans Kaashoek, Eddie Kohler, David Mazières, Robert Morris, Michelle Osborne, Steve VanDeBogart, and David Ziegler. Make least privilege a right (not a privilege). In Proc. 10th Hot Topics in Operating Systems Symposium (HotOS-X), Santa Fe, NM, June 2005.
22
Carl E. Landwehr, Formal Models for Computer Security, ACM Computing Surveys (CSUR), v.13 n.3, p.247-278, Sept. 1981  [doi>10.1145/356850.356852]
 
23
Robert Lemos. Payroll site closes on security worries, February 2005. http://news.com.com/2102-1029_3-5587859.html.
24
J. Liedtke, On micro-kernel construction, Proceedings of the fifteenth ACM symposium on Operating systems principles, p.237-250, December 03-06, 1995, Copper Mountain, Colorado, United States
 
25
Peter Loscocco , Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.29-42, June 25-30, 2001
 
26
LWIP. http://savannah.nongnu.org/projects/lwip/.
 
27
Catherine Jensen McCollum, Judith R. Messing, and LouAnna Notargiacomo. Beyond the pale of MAC and DAC---defining new forms of access control. In Proc. 1990 IEEE Symposium on Security and Privacy, pp. 190--200, Oakland, CA, May 1990.
 
28
M. D. McIlroy , J. A. Reeds, Multilevel security in the UNIX tradition, Software—Practice & Experience, v.22 n.8, p.673-694, Aug. 1992  [doi>10.1002/spe.4380220805]
 
29
Mark S. Miller, Ka-Ping Yee, and Jonathan Shapiro. Capability myths demolished. Technical Report SRL2003-02, Johns Hopkins University Systems Research Laboratory, 2003. http://www.erights.org/elib/capability/duals/.
 
30
James G. Mitchell, Jonathan Gibbons, Graham Hamilton, Peter B. Kessler, Yousef Y. A. Khalidi, Panos Kougiouris, Peter Madany, Michael N. Nelson, Michael L. Powell, and Sanjay R. Radia. An overview of the Spring system. In Proc. COMPCON 1994, pp. 122--131, February 1994.
31
Andrew C. Myers , Barbara Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.410-442, Oct. 2000  [doi>10.1145/363516.363526]
 
32
News10. Hacker accesses thousands of personal data files at CSU Chico, March 2005. http://www.news10.net/storyfull1.asp?id=9784.
 
33
Vivek S. Pai, Peter Druschel, and Willy Zwaenepoel. Flash: An efficient and portable Web server. In Proc. 1999 USENIX Annual Technical Conference, pp. 199--212, Monterey, CA, June 1999.
 
34
Rob Pike, Dave Presotto, Sean Dorward, Bob Flandrena, Ken Thompson, Howard Trickey, and Phil Winterbottom. Plan 9 from Bell Labs. Computing Systems, 8(3):221--254, Summer 1995.
35
Richard F. Rashid , George G. Robertson, Accent: A communication oriented network operating system kernel, Proceedings of the eighth ACM symposium on Operating systems principles, p.64-75, December 14-16, 1981, Pacific Grove, California, United States
 
36
Marc Rozier, Vadim Abrossimov, François Armand, I. Boule, Michel Gien, M. Guillemont, F. Herrmann, Claude Kaiser, S. Langlois, P. Leonard, and W. Neuhauser. CHORUS distributed operating system. Computing Systems, 1:305--370, Fall 1988.
 
37
Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proc. of the IEEE, 63(9):1278--1308, September 1975.
 
38
Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop, p.191-204, December 09-11, 1993
39
Jonathan S. Shapiro , Jonathan M. Smith , David J. Farber, EROS: a fast capability system, Proceedings of the seventeenth ACM symposium on Operating systems principles, p.170-185, December 12-15, 1999, Charleston, South Carolina, United States
 
40
SQLite. http://www.sqlite.org.
41
Andrew S. Tanenbaum , Robbert van Renesse , Hans van Staveren , Gregory J. Sharp , Sape J. Mullender, Experiences with the Amoeba distributed operating system, Communications of the ACM, v.33 n.12, p.46-63, Dec. 1990  [doi>10.1145/96267.96281]
 
42
VMware. VMware and the National Security Agency team to build advanced secure computer systems, January 2001. http://www.vmware.com/pdf/TechTrendNotes.pdf.
43
Rob von Behren , Jeremy Condit , Feng Zhou , George C. Necula , Eric Brewer, Capriccio: scalable threads for internet services, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
44
Robert Watson, Wayne Morrison, Chris Vance, and Brian Feldman. The TrustedBSD MAC framework: Extensible kernel access control for FreeBSD 5.0. In Proc. 2003 USENIX Annual Technical Conference, pp. 285--296, San Antonio, TX, June 2003.
45
Matt Welsh , David Culler , Eric Brewer, SEDA: an architecture for well-conditioned, scalable internet services, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
46
Andrew Whitaker , Marianne Shaw , Steven D. Gribble, Scale and performance in the Denali isolation kernel, Proceedings of the 5th symposium on Operating systems design and implementation

Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading

, December 09-11, 2002, Boston, Massachusetts  [doi>10.1145/1060289.1060308]

CITED BY  25
Úlfar Erlingsson , John MacCormick, Ad hoc extensibility and access control, ACM SIGOPS Operating Systems Review, v.40 n.3, July 2006
Alan Shieh , Dan Williams , Emin Gün Sirer , Fred B. Schneider, Nexus: a new operating system for trustworthy computing, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
Stephen Chong , K. Vikram , Andrew C. Myers, SIF: enforcing confidentiality and integrity in web applications, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
Avik Chaudhuri , Prasad Naldurg , Sriram Rajamani, A type system for data-flow integrity on windows vista, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Richard Ta-Min , Lionel Litty , David Lie, Splitting interfaces: making trust between applications and operating systems configurable, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
Steve Vandebogart , Petros Efstathopoulos , Eddie Kohler , Maxwell Krohn , Cliff Frey , David Ziegler , Frans Kaashoek , Robert Morris , David Mazières, Labels and event processes in the Asbestos operating system, ACM Transactions on Computer Systems (TOCS), v.25 n.4, p.11-es, December 2007
Nickolai Zeldovich , Silas Boyd-Wickizer , David Mazières, Securing distributed systems with information flow control, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.293-308, April 16-18, 2008, San Francisco, California
Andrea Bittau , Petr Marchenko , Mark Handley , Brad Karp, Wedge: splitting applications into reduced-privilege compartments, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.309-322, April 16-18, 2008, San Francisco, California
Susanta Nanda , Lap-Chung Lam , Tzi-cker Chiueh, Dynamic multi-process information flow tracking for web application security, Proceedings of the 8th ACM/IFIP/USENIX international conference on Middleware, November 26-30, 2007, Newport Beach, California
Manigandan Radhakrishnan , Jon A. Solworth, NetAuth: supporting user-based network services, Proceedings of the 17th conference on Security symposium, p.227-241, July 28-August 01, 2008, San Jose, CA
Stephen McCamant , Michael D. Ernst, Quantitative information flow as network flow capacity, ACM SIGPLAN Notices, v.43 n.6, June 2008
Robert W. Wisniewski , Dilma da Silva , Marc Auslander , Orran Krieger , Michal Ostrowski , Bryan Rosenburg, K42: lessons for the OS community, ACM SIGOPS Operating Systems Review, v.42 n.1, January 2008
Jodie P. Boyer , Ragib Hasan , Lars E. Olson , Nikita Borisov , Carl A. Gunter , David Raila, Improving multi-tier security using redundant authentication, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
Maxwell Krohn , Alexander Yip , Micah Brodsky , Natan Cliffer , M. Frans Kaashoek , Eddie Kohler , Robert Morris, Information flow control for standard OS abstractions, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Nickolai Zeldovich , Silas Boyd-Wickizer , Eddie Kohler , David Mazières, Making information flow explicit in HiStar, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
Haibo Chen , Jieyun Chen , Wenbo Mao , Fei Yan, Daonity - Grid security from two levels of virtualization, Information Security Tech. Report, v.12 n.3, p.123-138, January, 2007
Bryan D. Payne , Reiner Sailer , Ramón Cáceres , Ron Perez , Wenke Lee, A layered approach to simplified access control in virtualized systems, ACM SIGOPS Operating Systems Review, v.41 n.4, July 2007
Chris Lesniewski-Laas , Bryan Ford , Jacob Strauss , Robert Morris , M. Frans Kaashoek, Alpaca: extensible authorization for distributed services, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Shashidhar Mysore , Bita Mazloom , Banit Agrawal , Timothy Sherwood, Understanding and visualizing full systems with data flow tomography, ACM SIGARCH Computer Architecture News, v.36 n.1, March 2008
Avik Chaudhuri , Prasad Naldurg , Sriram K. Rajamani , G. Ramalingam , Lakshmisubrahmanyam Velaga, EON: modeling and analyzing dynamic access control systems with logic programs, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Avik Chaudhuri , Prasad Naldurg , Sriram Rajamani, A type system for data-flow integrity on Windows Vista, ACM SIGPLAN Notices, v.43 n.12, December 2008
Ravi Chugh , Jeffrey A. Meister , Ranjit Jhala , Sorin Lerner, Staged information flow for javascript, ACM SIGPLAN Notices, v.44 n.6, June 2009
Ziqing Mao , Ninghui Li , Hong Chen , Xuxian Jiang, Trojan horse resistant discretionary access control, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Toshihiro Yokoyama , Miyuki Hanaoka , Makoto Shimamura , Kenji Kono, Simplifying security policy descriptions for internet servers in secure operating systems, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
Alexander Yip , Neha Narula , Maxwell Krohn , Robert Morris, Privacy-preserving browser-side scripting with BFlow, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Information flow controls

Additional Classification:
  C. Computer Systems Organization
  C.5 COMPUTER SYSTEM IMPLEMENTATION
      C.5.5 Servers

  D. Software
  D.4 OPERATING SYSTEMS
      D.4.1 Process Management
      D.4.6 Security and Protection
          Subjects: Access controls
      D.4.7 Organization and Design


General Terms:
Design, Performance, Security


Keywords:
event processes, information flow, labels, mandatory access control, secure web servers

Collaborative Colleagues:
Petros Efstathopoulos: colleagues
Maxwell Krohn: colleagues
Steve VanDeBogart: colleagues
Cliff Frey: colleagues
David Ziegler: colleagues
Eddie Kohler: colleagues
David Mazières: colleagues
Frans Kaashoek: colleagues
Robert Morris: colleagues
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player