7th USENIX Security Symposium, San Antonio, Texas
Operating System Protection for Fine-Grained Programs
Trent Jaeger, Jochen Liedtke, and Nayeem Islam
IBM T.J. Watson Research Center
Abstract
We present an operating system-level security model for controlling
fine-grained programs, such as downloaded executable content, and
compare this security model's implementation to that of language-based
security models. Language-based security has well-known limitations,
such as the lack of complete mediation (e.g., for compiled programs or
race condition attacks) and faulty self-protection (effective security
is unproven). Operating system-level models are capable of complete
mediation and self-protection, but some researchers argue that
operating system-level security models are unlikely to supplant such
language-based models because they lack portability and performance.
In this paper, we detail an operating system-level security model
built on the Lava Nucleus, a minimal, fast μ-kernel operating
system. We show how it can enforce security requirements for
fine-grained programs and show that its performance overhead (with the
additional security) can be virtually negligible when compared to
language-based models. Given sufficient performance and security,
the portability issue should become moot because other vendors will
have to meet the higher security and performance expectations of their
customers.