International audienceThis paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the Think architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These to...
Abstract. Applications typically rely on the operating system to en-force access control policies su...
Kernel extensions are widely used by attackers to com-promise the operating system kernel. With the ...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
This work aims at proving that security and flexibility can coexist in an operating system kernel. W...
In this paper, we present THINK, our distributed systems architecture, and the research we have cond...
technical reportOperating systems must be flexible in their support for security policies, i.e., the...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
A computer system's security can be compromised in many ways—a denial-of-service attack can make a s...
We present in this paper the security features of Think, an ob ject-oriented architecture dedicated ...
We present in this paper the security features of Think, an object-oriented architecture dedicated t...
Operating system kernels isolate applications from other malicious software via protected memory cr...
Software protection aims at safeguarding assets embedded in software by preventing and delaying reve...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
Software protection aims at safeguarding assets embedded in software by preventing and delaying reve...
Abstract. Applications typically rely on the operating system to en-force access control policies su...
Kernel extensions are widely used by attackers to com-promise the operating system kernel. With the ...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
This work aims at proving that security and flexibility can coexist in an operating system kernel. W...
In this paper, we present THINK, our distributed systems architecture, and the research we have cond...
technical reportOperating systems must be flexible in their support for security policies, i.e., the...
This dissertation suggests and partially demonstrates that it is feasible to retrofit real privilege...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
A computer system's security can be compromised in many ways—a denial-of-service attack can make a s...
We present in this paper the security features of Think, an ob ject-oriented architecture dedicated ...
We present in this paper the security features of Think, an object-oriented architecture dedicated t...
Operating system kernels isolate applications from other malicious software via protected memory cr...
Software protection aims at safeguarding assets embedded in software by preventing and delaying reve...
Our society increasingly depends on computing devices. Customers rely on laptops and mobile devices ...
Software protection aims at safeguarding assets embedded in software by preventing and delaying reve...
Abstract. Applications typically rely on the operating system to en-force access control policies su...
Kernel extensions are widely used by attackers to com-promise the operating system kernel. With the ...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...