Accession Number : ADA440047


Title :   Asbestos: Securing Untrusted Software with Interposition


Descriptive Note : Final technical rept.


Corporate Author : NEW YORK UNIV NY DEPT OF COMPUTER SCIENCE


Personal Author(s) : Mazieres, David ; Kohler, Eddie ; Kaashoek, Frans ; Morris, Robert


Full Text : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA440047


Report Date : SEP 2005


Pagination or Media Count : 29


Abstract : The main goal of the Asbestos effort was to build an operating system that allows users to control applications using encapsulation, without having to understand the application security properties. The specific tasks undertaken were to study interposition - as a mechanism for controlling software, to investigate extensions of the interface to mandatory access control, to work out detailed message sequences for example applications, and to develop a prototype implementation of Asbestos. In the end, after examination of example applications (a "hug-proof' web server) and our mandatory access control mechanism, led to the realization that the proper mandatory access control mechanism can suffice for the kinds of security properties we wished to achieve. Thus, the prototype implementation relies mostly on Asbestos's mandatory labeling mechanism for security, not interposition.


Descriptors :   *DATA PROCESSING SECURITY , *OPERATING SYSTEMS(COMPUTERS) , *COMPUTER ACCESS CONTROL , MEMORY DEVICES , ENCAPSULATION , LABELS.


Subject Categories : COMPUTER SYSTEMS MANAGEMENT AND STANDARDS


Distribution Statement : APPROVED FOR PUBLIC RELEASE