2002 Articles
Sub-Operating Systems: A New Approach to Application Security
Users regularly exchange apparently innocuous data files using email and ftp. While the users view these data as passive, there are situations when they are interpreted as code by some system application. In that case the data become "active." Some examples of such data are Java, JavaScript and Microsoft Word attachments, each of which are executed within the security context of the user, allowing potentially arbitrary machine access. The structure of current operating systems and user applications makes solving this problem challenging. We propose a new protection mechanism to address active content, which applies fine-grained access controls at the level of individual data objects. All data objects arriving from remote sources are tagged with a non-removable identifier. This identifier dictates its permissions and privileges rather than the file owner's user ID. Since users possess many objects, the system provides far more precise access control policies to be enforced, and at a far finer granularity than previous designs.
Subjects
Files
- subos.pdf application/pdf 78.8 KB Download File
Also Published In
More About This Work
- Academic Units
- Computer Science
- Published Here
- June 24, 2010
Notes
Proceedings of the 10th Workshop on ACM SIGOPS European Workshop: Saint-Émillion (France), July 1, 2002 (New York: ACM Press, 2002), pp. 108-115.