Eros-based Confined Capability Client

Abstract

The objective of the EROS-Based Confined Capability Client project is to demonstrate that systems constructed using capability-based protection can be organized in a way that makes them defensible against hostile internet content. This was accomplished by constructing a single exemplar application, a web browser, using capability-based structuring techniques, and determining whether this application can defend itself against hostile content. The specific test employed demonstrated that the browser always renders the URL being displayed accurately, and that this rendering cannot be altered by any means available to the page author. Means of attack available to the page author include exploiting flaws in the browser implementation, such as buffer overrun vulnerabilities. The work performed produced four specific results: a secure network protocol stack, a trusted window system, a browser prototype, and an assessment of the cost and complexity of porting existing applications to capability-based foundations as currently implemented. One important conclusion is that it is possible to build high-performance, defensible systems using capability-based protection and confinement to provide defense in depth that is difficult for either hostile content or well-intentioned misconfiguration to compromise.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2006
Accession Number
ADA454977

Entities

People

  • Jonathan S. Shapiro

Organizations

  • Johns Hopkins University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Application Software
  • Communication Channels
  • Communication Systems
  • Computer Programming
  • Computing System Architectures
  • Engineering
  • Intrusion Detection
  • Language
  • Network Protocols
  • Networks
  • Operating Systems
  • Prototypes
  • Throughput
  • Transport Protocols
  • Web Browsers
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Naval Mine Countermeasure Systems Development
  • Systems Analysis and Design