Bibliography

1
1003.1E, I. D. S.
Draft Standard for Information Technology-POSIX Part 1: System API: Protection, Audit and Control Interface, 1997.

2
ACHARYA, A., AND RAJE, M.
MAPbox: Using parameterized behavior classes to confine untrusted applications.
In Proceedings of the 9th USENIX Security Symposium (Denver, Colorado, Aug. 2000), USENIX.

3
BERGER, J. L., PICCIOTTO, J., WOODWARD, J. P. L., AND CUMMINGS, P. T.
Compartmented mode workstation: Prototype highlights.
IEEE Transactions on Software Engineering 16, 6 (1990), 608-618.
Special Section on Security and Privacy.

4
BERNSTEIN, D. J.
Some thoughts on security after ten years of qmail 1.0.
In First Computer Security Architecture Workshop (2007), ACM, p. 1.
Invited paper.

5
BLAZE, M., FEIGENBAUM, J., IOANNIDIS, J., AND KEROMYTIS, A.
RFC 2704: The KeyNote Trust-Management System Version 2, Sept. 1999.

6
BRUMLEY, D., AND SONG, D. X.
Privtrans: Automatically partitioning programs for privilege separation.
In USENIX Security Symposium (2004), pp. 57-72.

7
CASADO, M., FREEDMAN, M. J., PETTIT, J., LUO, J., MCKEOWN, N., AND SHENKER, S.
Ethane: taking control of the enterprise.
In Proceedings of the ACM SIGCOMM 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (Aug. 2007), J. Murai and K. Cho, Eds., ACM, pp. 1-12.

8
CASADO, M., GARFINKEL, T., AKELLA, A., FREEDMAN, M., BONEH, D., MCKEOWN, N., AND SHENKER, S.
Sane: A protection architecture for enterprise networks.
In Usenix Security (Oct. 2006).

9
COWAN, C., BEATTIE, S., KROAH-HARTMAN, G., PU, C., WAGLE, P., AND GLIGOR, V.
Subdomain: Parsimonious security server.
In 14th Systems Administration Conference (LISA 2000) (New Orleans, LA, 2000), pp. 355-367.

10
COX, R., GROSSE, E., PIKE, R., PRESOTTO, D., AND QUINLAN, S.
Security in Plan 9.
In Proc. of the USENIX Security Symposium (2002), pp. 3-16.

11
EFSTATHOPOULOS, P., KROHN, M., VANDEBOGART, S., FREY, C., ZIEGLER, D., KOHLER, E., MAZIÈRES, D., KAASHOEK, F., AND MORRIS, R.
Labels and event processes in the asbestos operating system.
SIGOPS Oper. Syst. Rev. 39, 5 (2005), 17-30.

12
FREIER, A. O., KARLTON, P., AND KOCHER, P. C.
The SSL protocol -- version 3.0.
Internet Draft, Transport Layer Security Working Group, Nov. 1996.

13
GANAPATHY, V., JAEGER, T., AND JHA, S.
Retrofitting legacy code for authorization policy enforcement.
In IEEE Symposium on Security and Privacy (2006), pp. 214-229.

14
GARFINKEL, T., PFAFF, B., AND ROSENBLUM, M.
Ostia: A delegating architecture for secure system call interposition.
In Proc. Network and Distributed Systems Security Symposium (February 2004).

15
GOLDBERG, I., WAGNER, D., THOMAS, R., AND BREWER, E. A.
A secure environment for untrusted helper applications (confining the wily hacker).
In Proc. of the USENIX Security Symposium (San Jose, Ca., 1996).

16
IOANNIDIS, S., BELLOVIN, S. M., IOANNIDIS, J., KEROMYTIS, A. D., AND SMITH, J. M.
Virtual private services: Coordinated policy enforcement for distributed applications.
IJNS 4, 1 (Jan. 2007).
https://www1.cs.columbia.edu/~angelos/Papers/2006/ijns.pdf.

17
JAEGER, T., BUTLER, K., KING, D. H., HALLYN, S., LATTEN, J., AND ZHANG, X.
Leveraging IPsec for mandatory access control across systems.
In Proceedings of the Second International Conference on Security and Privacy in Communication Networks (Aug. 2006).

18
KAUFMAN, C.
RFC 4306: Internet key exchange (IKEv2) protocol, Dec. 2005.

19
KENT, S., AND SEO, K.
RFC 4301: Security architecture for the internet protocol, Dec. 2005.

20
KILPATRICK, D.
Privman: A library for partitioning applications.
In USENIX Annual Technical Conference, FREENIX Track (2003), USENIX, pp. 273-284.

21
KROHN, M. N.
Building secure high-performance web services with OKWS.
In USENIX Annual Technical Conference, General Track (2004), pp. 185-198.

22
KURCHUK, A., AND KEROMYTIS, A. D.
Recursive sandboxes: Extending systrace to empower applications.
In SEC (2004), pp. 473-488.

23
LAMPORT, L.
Password authentication with insecure communication.
Commun. ACM 24, 11 (1981), 770-772.

24
LINN, J.
Generic interface to security services.
Computer Communications 17, 7 (July 1994), 476-482.

25
MCCUNE, J. M., JAEGER, T., BERGER, S., CÁCERES, R., AND SAILER, R.
Shamon: A system for distributed mandatory access control.
In ACSAC (2006), IEEE Computer Society, pp. 23-32.

26
MCVOY, L., AND STAELIN, C.
lmbench: Portable tools for performance analysis.
In Proceedings of the USENIX 1996 annual technical conference: January 22-26, 1996, San Diego, California, USA (1996), USENIX, Ed., USENIX Conference Proceedings 1996, USENIX, pp. 279-294.

27
MILTCHEV, S., PREVELAKIS, V., IOANNIDIS, S., IOANNIDIS, J., KEROMYTIS, A. D., AND SMITH, J. M.
Secure and flexible global file sharing.
In USENIX Annual Technical Conference, FREENIX Track (2003), USENIX, pp. 165-178.

28
PROVOS, N.
Improving host security with system call policies.
Tech. rep., CITI, University of Michigan, 2002.

29
PROVOS, N., FRIEDL, M., AND HONEYMAN, P.
Preventing privilege escalation.
In Proceedings of the 12th USENIX Security Symposium (Aug. 2003), USENIX, pp. 231-242.

30
RADHAKRISHNAN, M., AND SOLWORTH, J. A.
Application security support in the operating system kernel.
In ACM Symposium on InformAtion, Computer and Communications Security (AsiaCCS'06) (Taipei, Taiwan, Mar. 2006), pp. 201-211.

31
RIVEST, R., SHAMIR, A., AND ADLEMAN, L.
On digital signatures and public key cryptosystems.
Communications of the ACM (CACM) 21 (1978), 120-126.

32
SALTZER, J. H., AND SCHROEDER, M. D.
The protection of information in computer systems.
Proceedings of the IEEE 63, 9 (1975), 1278-1308.

33
SAMAR, V.
Unified login with Pluggable Authentication Modules (PAM).
In Proc. ACM Conference on Computer and Communications Security (CCS) (1996), C. Neuman, Ed., ACM Press, pp. 1-10.

34
SMALLEY, S., VANCE, C., AND SALAMON, W.
Implementing SELinux as a Linux security module.
Report #01-043, NAI Labs, Dec. 2001.
Revised April 2002.

35
SOLWORTH, J. A., AND SLOAN, R. H.
Decidable administrative controls based on security properties, 2004.
Available at https://www.rites.uic.edu/~solworth/kernelSec.html.

36
SOLWORTH, J. A., AND SLOAN, R. H.
A layered design of discretionary access controls with decidable properties.
In Proc. IEEE Symp. Security and Privacy (2004), pp. 56-67.

37
SOLWORTH, J. A., AND SLOAN, R. H.
Security property-based administrative controls.
In Proc. European Symp. Research in Computer Security (ESORICS) (2004), vol. 3139 of Lecture Notes in Computer Science, Springer, pp. 244-259.

38
STEINER, J. G., NEUMAN, B. C., AND SCHILLER, J. I.
Kerberos: An authentication service for open network systems.
In Winter 1988 USENIX Conference (Dallas, TX, 1988), pp. 191-201.

39
STEVENS, W. R.
Advanced Programming in the UNIX Environment.
Addison-Wesley, 1992.

40
SWANDER, B., HUTTUNEN, A., VOLPE, V., AND DIBURRO, L.
RFC 3948: UDP encapsulation of IPsec ESP packets, Jan. 2005.

41
WRIGHT, C., COWAN, C., SMALLEY, S., MORRIS, J., AND KROAH-HARTMAN, G.
Linux Security Modules: General security support for the Linux Kernel.
In Proc. of the USENIX Security Symposium (San Francisco, Ca., 2002).

42
YLONEN, T.
SSH--secure login connections over the internet.
In Proc. of the USENIX Security Symposium (San Jose, California, 1996), pp. 37-42.



Manigandan Radhakrishnan 2008-05-13