Capability systems can be used to implement higher-level security policies including the *-property if a mechanism exists to ensure confinement. The implementation can be efficient if the "weak" access restriction described in this paper is introduced. In the course of developing EROS, a pure capability system, it became clear that verifying the correctness of the confinement mechanism was necessary in establishing the security of the operating system. This paper presents a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS). We give a formal statement of the requirements, construct a model of the architecture's security policy and operational semantics, and...
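The abstract above turns on two ideas: a "weak" capability that transitively attenuates everything fetched through it to read-only, and a confinement check that asks whether the authority a program can ever reach lets it mutate anything outside what the confiner authorized. The following is an added toy model of that reasoning, written for this page; it is not EROS code and not the paper's formal model. The object names, rights set and the sample capability graph are constructed for the example.

```python
"""Toy capability-graph model: transitive "weak" attenuation plus a
confinement check. Added illustration for this page, not EROS code.
Object names, rights and the sample graph are constructed assumptions."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Rights a capability may carry. WEAK means every capability fetched
# through this one is itself attenuated to read-only and weak, so nothing
# obtained via a weak capability can ever be used to mutate an object.
READ, WRITE, WEAK = "read", "write", "weak"


@dataclass(frozen=True)
class Cap:
    target: str
    rights: FrozenSet[str]

    def weakened(self) -> "Cap":
        # Attenuation: drop WRITE, keep READ, mark the result WEAK.
        return Cap(self.target, frozenset({READ, WEAK}))


@dataclass
class Obj:
    # Capabilities stored inside this object; a holder with READ can fetch them.
    slots: Tuple[Cap, ...] = ()


def reachable(system: Dict[str, Obj], initial: Set[Cap]) -> Set[Cap]:
    """Transitive closure of capabilities obtainable from `initial`.

    A capability stored in an object can be fetched only if the holder has
    READ on that object. If the holder's capability is WEAK, every fetched
    capability is weakened before it is added to the closure.
    """
    seen: Set[Cap] = set()
    work = list(initial)
    while work:
        cap = work.pop()
        if cap in seen:
            continue
        seen.add(cap)
        if READ not in cap.rights:
            continue
        for fetched in system[cap.target].slots:
            derived = fetched.weakened() if WEAK in cap.rights else fetched
            if derived not in seen:
                work.append(derived)
    return seen


def mutable_targets(system: Dict[str, Obj], initial: Set[Cap]) -> Set[str]:
    """Objects the holder could mutate via any reachable capability."""
    return {c.target for c in reachable(system, initial) if WRITE in c.rights}


def is_confined(system: Dict[str, Obj], initial: Set[Cap],
                authorized: Set[str]) -> bool:
    """Confined: no reachable authority can mutate anything outside `authorized`."""
    return mutable_targets(system, initial) <= authorized


def example_system() -> Dict[str, Obj]:
    # Constructed sample graph: a shared "lib" object that happens to hold a
    # write capability to "secret_log" (the classic leak channel).
    return {
        "lib": Obj(slots=(Cap("secret_log", frozenset({READ, WRITE})),)),
        "secret_log": Obj(),
        "scratch": Obj(),
    }


def demo() -> Tuple[bool, bool]:
    """Returns (confined with a weak lib cap, confined with a strong lib cap)."""
    system = example_system()
    authorized = {"scratch"}  # the only object the confiner lets the program mutate
    scratch = Cap("scratch", frozenset({READ, WRITE}))
    weak_lib = Cap("lib", frozenset({READ, WEAK}))
    strong_lib = Cap("lib", frozenset({READ}))
    return (is_confined(system, {weak_lib, scratch}, authorized),
            is_confined(system, {strong_lib, scratch}, authorized))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

With the weak capability to `lib`, the write capability stored inside it is fetched already attenuated, so the program's mutable authority stays within `scratch` and the check passes; with an ordinary read capability the stored write capability comes through intact and the program is no longer confined. This is why the abstract ties efficient confinement to the weak restriction: the confiner only has to inspect the program's initial capabilities, not the whole graph behind them.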
Abstract. [Context and motivation] Security mechanisms, such as fire-walls and encryption, operation...
Abstract. We present a formal system that models programmable abstractions for access control. Compo...
System administrators specify the access control policy they want and implement the relevant configu...
Capability systems can be used to imple-ment higher-level security policies including the *-property...
A confined program is one which is unable to leak information to an unauthorized party or modify una...
Capability-based operating systems have logical advantages over access-control list based systems fo...
This paper describes Metagap'e, a formally specified family of capability systems capable of re...
EROS, the Extremely Reliable Operating System, addresses the issues of reliability and security by c...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
In capability systems it can be hard to assert confinement from static analysis only. In this paper ...
Window systems are the primary mediator of user input and output in modern computing systems. They a...
We address three common misconceptions about capability-based systems: the Equivalence Myth (access ...
Vulnerabilities in computer systems arise in part due to programmer's logical errors, and in part al...
We present a formal system that models programmable abstractions for access control. Composite abstr...
The foundation for security enforcement is access control. Re-sources must be protected against acce...