USENIX Technical Program - Abstract - WinsSys - August 2000
WindowBox: A Simple Security Model for the Connected Desktop
Dirk Balfanz, Princeton University; Daniel R. Simon, Microsoft Research
Abstract
Breaches in computer security do not just exploit bugs in
applications; they are often also the result of mismanaged
protection mechanisms. The tools available to protect sensitive
resources and networks are tedious to use, non-intuitive, and often
require expert knowledge. As a result, many PC and workstation
users end up administering their system security poorly, creating
serious security vulnerabilities. This paper presents a new security
model, WindowBox, which presents the user with a workstation divided
into multiple desktops. Each desktop is sealed
off from the others, giving users a means to confine the possibly
dangerous results of their actions. We have implemented our security
model on Windows 2000, leveraging the existing desktop metaphor, the
ability to switch between multiple desktops, and specific kernel
security mechanisms.