separation, containment, utility computing, HPUX, assurance

One of the key aspects of securing a system is to ensure separation and containment between different concerns. This could range from processes and communications within a single machine, through different applications and network segments in an enterprise, to customers in a shared data centre. Containment is generally achieved through a variety of often complex mechanisms, making it hard to configure and even harder to assure users that the desired containment relationships are maintained. In this paper we present an approach to assuring users about containment of systems by developing an abstract containment model suitable for many situations. This model then has detail added, t...
Hardware support for isolated execution (such as Intel SGX) enables development of applications that...
This paper presents secure program partitioning, a language-based technique for protecting confident...
Configurations are introduced as a new model for the description and analysis of secure data systems...
Abstract. Important aspects of both security and safety are related to process encapsulation and con...
A protection model is presented for a multi-user dataflow computing system which is incorporated int...
The increased sharing of computational resources elevates the risk of side channels and covert chann...
To minimize the damage in the event of a security breach it is desirable to limit the privileges of ...
As part of the general goal of providing secure computer systems, the design of verifiably secure o...
are those of the authors and should not be interpreted as representing the official policies, either...
We present a formal system that models programmable abstractions for access control. Composite abstr...
The confinement problem is concerned with preventing a computational service from divulging informa...
Abstract. We present a formal system that models programmable abstractions for access control. Compo...
Software systems are becoming heterogeneous: instead of a small number of large programs from well-e...