Title :
Secure applications need flexible operating systems
Author :
Mazières, David ; Kaashoek, M. Frans
Author_Institution :
Lab. for Comput. Sci., MIT, Cambridge, MA, USA
Abstract :
As information exchange over wide area networks becomes an increasingly essential component of new applications, firewalls will no longer provide an adequate defense against malicious attackers. Individual workstations will need to provide strong enough security to contain malicious processes and prevent the domino effect of a pierced firewall. Some of the most commonly found security holes today result from the fact that simple operations can be surprisingly difficult to implement correctly on top of a traditional POSIX-like interface. We claim that by combining hierarchically-named capabilities, a novel generalization of the Unix user and group ID concept, with the low-level system calls of an exokernel operating system, we can achieve a system-call interface that is flexible enough to avoid much of the complexity that often leads to security holes in discretionary access control operating systems like Unix.
Keywords :
Unix; application program interfaces; authorisation; electronic data interchange; naming services; operating systems (computers); wide area networks; workstations; POSIX-like interface; discretionary access control; domino effect; exokernel operating system; firewalls; flexible operating systems; group ID; hierarchically-named capabilities; information exchange; low-level system calls; malicious attackers; malicious processes; secure applications; system-call interface; user ID; workstation security; Access control; Application software; Computer science; Data security; Information security; Kernel; Laboratories; Operating systems; Protection; Wide area networks
Conference_Title :
The Sixth Workshop on Hot Topics in Operating Systems, 1997
Conference_Location :
Cape Cod, MA
Print_ISBN :
0-8186-7834-8
DOI :
10.1109/HOTOS.1997.595183