This paper describes Metagap'e, a formally specified family of capability systems capable of restricting the transfer of both information and access rights. Previous work indicates that the identification of such architectures is difficult, and in most cases their verification is undecidable. To the best of our knowledge, Metagap'e spans all real capability systems known to support the confinement property, and excludes all known systems that do not. One test of effectiveness for a protection system is its ability to enforce the confinement property, which requires that information be contained within well-specified boundaries. This paper demonstrates a proof of correctness of Metagap'e with respect to confinement. We show t...
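As an added illustration of the confinement property the abstract above refers to (example code written for this page, not Metagap'e or any system from the papers listed here): a toy capability model in which a subject is confined to a boundary if no subject outside that boundary can read anything the subject can write, even after every permitted capability transfer has taken place. The transfer rule (a holder of a GRANT capability on another subject can hand that subject all of its own capabilities), the subject names and the scenario are assumptions made for the example; they are not taken from the paper.

```python
"""Toy capability-system model: checking a subject for confinement."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    READ = auto()
    WRITE = auto()
    GRANT = auto()  # holder may hand its own capabilities to the target subject


@dataclass(frozen=True)
class Cap:
    target: str    # name of an object or of another subject
    rights: Right


class CapSystem:
    """Subjects act only through capabilities they hold; no ambient authority."""

    def __init__(self) -> None:
        self.caps: dict[str, frozenset[Cap]] = {}

    def add_subject(self, name: str, *caps: Cap) -> None:
        self.caps[name] = frozenset(caps)

    def effective_caps(self) -> dict[str, frozenset[Cap]]:
        """Close the system under transfer: if A holds GRANT on subject B,
        B may end up holding everything A holds. Iterate to a fixpoint so
        chains of grants (A -> B -> C) are accounted for."""
        eff = dict(self.caps)
        changed = True
        while changed:
            changed = False
            for holder, holder_caps in list(eff.items()):
                for c in holder_caps:
                    if Right.GRANT in c.rights and c.target in eff:
                        merged = eff[c.target] | holder_caps
                        if merged != eff[c.target]:
                            eff[c.target] = merged
                            changed = True
        return eff

    def can_learn_from(self, source: str) -> set[str]:
        """Subjects able to read some object the source can write, once all
        possible transfers have happened (information flow via shared objects)."""
        eff = self.effective_caps()
        writable = {c.target for c in eff[source] if Right.WRITE in c.rights}
        readers: set[str] = set()
        for name, caps in eff.items():
            if name == source:
                continue
            if any(c.target in writable and Right.READ in c.rights for c in caps):
                readers.add(name)
        return readers

    def is_confined(self, source: str, boundary: set[str]) -> bool:
        """Confinement: nothing the source writes can reach a reader outside
        the boundary."""
        return self.can_learn_from(source) <= boundary


def build_system(with_grant: bool) -> CapSystem:
    """Constructed scenario (hypothetical names): 'worker' is untrusted code
    that should be confined to the boundary {'owner'}."""
    cs = CapSystem()
    cs.add_subject("worker", Cap("scratch", Right.WRITE))
    cs.add_subject("owner", Cap("scratch", Right.READ | Right.WRITE))
    cs.add_subject("outsider", Cap("outbox", Right.READ))
    helper_caps = [Cap("outbox", Right.WRITE)]
    if with_grant:
        # A GRANT capability on 'worker' lets 'helper' pass it the outbox
        # capability, opening a channel to 'outsider'.
        helper_caps.append(Cap("worker", Right.GRANT))
    cs.add_subject("helper", *helper_caps)
    return cs


if __name__ == "__main__":
    for flag in (False, True):
        cs = build_system(with_grant=flag)
        print(f"grant edge present={flag}: readers={cs.can_learn_from('worker')} "
              f"confined={cs.is_confined('worker', {'owner'})}")
```

The point the example makes is the one the abstract is about: confinement cannot be judged from the subject's initial capabilities alone. The worker starts with the same single WRITE capability in both runs; it is the transfer rules of the system, applied to everyone else's capabilities, that decide whether a path to an outside reader exists.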
This work is concerned with the security of the standard T10 OSD protocol, a capability-based protoco...
Interface-confinement is a common mechanism that secures untrusted code by executing it inside a san...
Capability systems can be used to implement higher-level security policies including the *-property ...
In capability systems it can be hard to assert confinement from static analysis only. In this paper ...
A confined program is one which is unable to leak information to an unauthorized party or modify una...
The confinement problem is concerned with preventing a computational service from divulging informa...
We present a formal system that models programmable abstractions for access control. Composite abstr...
We address three common misconceptions about capability-based systems: the Equivalence Myth (access ...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
This paper presents a framework and implementation guidelines to set up nested...
Vulnerabilities in computer systems arise in part due to programmer's logical errors, and in part al...