Operating system protection for fine-grained programs

Trent Jaeger, Jochen Liedtke, Nayeem Islam

Research output: Contribution to conferencePaper

Abstract

We present an operating system-level security model for controlling fine-grained programs, such as downloaded executable content, and compare this security model's implementation to that of language-based security models. Language-based security has well-known limitations, such as the lack of complete mediation (e.g., for compiled programs or race condition attacks) and faulty self-protection (effective security is unproven). Operating system-level models are capable of complete mediation and self-protection, but some researchers argue that operating system-level security models are unlikely to supplant such language-based models because they lack portability and performance. In this paper, we detail an operating system-level security model built on the Lava Nucleus, a minimal, fast μ-kernel operating system. We show how it can enforce security requirements for fine-grained programs and show that its performance overhead (with the additional security) can be virtually negligible when compared to language-based models. Given the sufficient performance and security, the portability issue should become moot because other vendors will have to meet the higher security and performance expectations of their customers.

Original languageEnglish (US)
StatePublished - Jan 1 1998
Event7th USENIX Security Symposium - San Antonio, United States
Duration: Jan 26 1998Jan 29 1998

Conference

Conference7th USENIX Security Symposium
CountryUnited States
CitySan Antonio
Period1/26/981/29/98

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Information Systems

Fingerprint Dive into the research topics of 'Operating system protection for fine-grained programs'. Together they form a unique fingerprint.

  • Cite this

    Jaeger, T., Liedtke, J., & Islam, N. (1998). Operating system protection for fine-grained programs. Paper presented at 7th USENIX Security Symposium, San Antonio, United States.