Accession Number : ADA440047
Title : Asbestos: Securing Untrusted Software with Interposition
Descriptive Note : Final technical rept.
Corporate Author : NEW YORK UNIV NY DEPT OF COMPUTER SCIENCE
Personal Author(s) : Mazieres, David ; Kohler, Eddie ; Kaashoek, Frans ; Morris, Robert
Report Date : Sep 2005
Pagination or Media Count : 29
Abstract : The main goal of the Asbestos effort was to build an operating system that allows users to control applications using encapsulation, without having to understand the application security properties. The specific tasks undertaken were to study interposition - as a mechanism for controlling software, to investigate extensions of the interface to mandatory access control, to work out detailed message sequences for example applications, and to develop a prototype implementation of Asbestos. In the end, after examination of example applications (a hug-proof' web server) and our mandatory access control mechanism, led to the realization that the proper mandatory access control mechanism can suffice for the kinds of security properties we wished to achieve. Thus, the prototype implementation relies mostly on Asbestos's mandatory labeling mechanism for security, not interposition.
Descriptors : *DATA PROCESSING SECURITY , *OPERATING SYSTEMS(COMPUTERS) , *COMPUTER ACCESS CONTROL , MEMORY DEVICES , ENCAPSULATION , LABELS
Subject Categories : Computer Systems Management and Standards
Distribution Statement : APPROVED FOR PUBLIC RELEASE