Skip to main content
USENIX
  • Conferences
  • Students
Sign in

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home ยป Operating System Protection for Fine-Grained Programs
Tweet

connect with us

Operating System Protection for Fine-Grained Programs

Authors: 

Trent Jaeger, Jochen Liedtke, and Nayeem Islam, IBM T.J. Watson Research Center

Abstract: 

We present an operating system-level security model for controlling fine-grained programs, such as downloaded executable content, and compare this security model's implementation to that of language-based security models. Language-based security has well-known limitations, such as the lack of complete mediation (e.g., for compiled programs or race condition attacks) and faulty self-protection (effective security is unproven). Operating system-level models are capable of complete mediation and self-protection, but some researchers argue that operating system-level security models are unlikely to supplant such language-based models because they lack portability and performance. In this paper, we detail an operating system-level security model built on the Lava Nucleus, a minimal, fast tex2html_wrap_inline509 -kernel operating system. We show how it can enforce security requirements for fine-grained programs and show that its performance overhead (with the additional security) can be virtually negligible when compared to language-based models. Given the sufficient performance and security, the portability issue should become moot because other vendors will have to meet the higher security and performance expectations of their customers.

Trent Jaeger, IBM T.J. Watson Research Center

Jochen Liedtke, IBM T.J. Watson Research Center

Nayeem Islam, IBM T.J. Watson Research Center

BibTeX
@inproceedings {261400,
author = {Trent Jaeger and Jochen Liedtke and Nayeem Islam},
title = {Operating System Protection for {Fine-Grained} Programs},
booktitle = {7th USENIX Security Symposium (USENIX Security 98)},
year = {1998},
address = {San Antonio, TX},
url = {https://www.usenix.org/conference/7th-usenix-security-symposium/operating-system-protection-fine-grained-programs},
publisher = {USENIX Association},
month = jan,
}
Download

Links

Paper: 
http://usenix.org/publications/library/proceedings/sec98/full_papers/jaeger/jaeger.pdf
Paper (HTML): 
http://usenix.org/publications/library/proceedings/sec98/full_papers/jaeger/jaeger_html/jaeger.html
  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Contact Us