Asbestos: Securing Untrusted Software with Interposition

Abstract

The main goal of the Asbestos effort was to build an operating system that allows users to control applications using encapsulation, without having to understand the application's security properties. The specific tasks undertaken were to study interposition as a mechanism for controlling software, to investigate extensions of the interface to mandatory access control, to work out detailed message sequences for example applications, and to develop a prototype implementation of Asbestos. In the end, examination of example applications (a "hug-proof" web server) and of our mandatory access control mechanism led to the realization that the proper mandatory access control mechanism can suffice for the kinds of security properties we wished to achieve. Thus, the prototype implementation relies mostly on Asbestos's mandatory labeling mechanism for security, not interposition.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2005
Accession Number
ADA440047

Entities

People

  • David Mazières
  • Eddie Kohler
  • Frans Kaashoek
  • Robert Morris

Organizations

  • New York University

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Asbestos
  • Computer Access Control
  • Computer Programming
  • Computer Science
  • Computers
  • Control Systems
  • Electronic Mail
  • Hypervelocity Flow
  • Language
  • Models
  • New York
  • Operating Systems
  • Security
  • Sequences
  • Servers (Computer Hardware)
  • Virtual Machines

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Systems Analysis and Design