Flexible Control of Downloaded Executable Content

ACM Transactions on Information and System Security

Volumn 2, Issue 2, 1999, Pages 177-228

  Jaeger, Trent ^a   Liedtke, Jochen ^a   Islam, Nayeem ^a   Prakash, Atul ^b  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b UNIVERSITY OF MICHIGAN   (United States)

Author keywords

Access control models; authentication; authorization mechanisms; collaborative systems; Design; Management; role based access control; Security

Indexed keywords

EID: 85013593271     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/317087.317091     Document Type: Article

References (52)

1. Belani, E., Vahdat, A., Anderson, T., and Dahlin, M. 1998. The CRISIS wide area security architecture. In Proceedings of the 7th USENIX Security Symposium (Jan.). USENIX Assoc., Berkeley, CA, 15-29
2. Bertino, E., Ferrari, E., and Atluri, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 1, 2 (Feb.), 65-104
3. Bishop, M. and Dilger, M. 1996. Checking for race conditions in file accesses. Comput. Syst. 9, 2, 131-152
4. Boebert, W. E. and Kain, R. Y. 1985. A practical alternative to hierarchical integrity policies. In Proceedings of the 8th National Conference on Computer Security. 18-27
5. Borenstein, N. S. 1992. Computational mail as network infrastructure for computer-supported cooperative work. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW '92, Toronto, Canada, Oct. 31-Nov. 4), M. Mantel and R. Baecker, Eds. ACM Press, New York, NY, 67-74
6. Borenstein, N. S. 1994. Email with a mind of its own: The Safe-Tcl language for enabled mail. In ULPAA '94. 389-402
7. Brewer, D. F. C. and Nash, M. J. 1989. The Chinese Wall security policy. In Proceedings of the IEEE Symposium on Research in Security and Privacy (Oakland, CA). IEEE Computer Society Press, Los Alamitos, CA, 206-214
8. Clauer, R. C. E. Al. 1995. A prototype upper atmospheric collaboratory (UARC). In Applications of Data Handling and Visualization Technique in Atmospheric Space Sciences. 105-112
9. Dean, D., Felten, E., and Wallach, D. 1996. Java security: From HotJava to Netscape and beyond. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, CA, May). IEEE Press, Piscataway, NJ
10. Dennis, J. B. and Van Horn, E. C. 1966. Programming semantics for multiprogrammed computations. Commun. ACM 9, 3 (Mar.), 143-155
11. Dorward, S., Pike, R., and Winterbottom, P. 1996. Inferno: la commedia interattiva. inferno.bell-labs.com
12. Foley, S. and Jacob, J. 1991. Specifying security for CSCW systems. In Proceedings of the Fourth IEEE Workshop on Computer Security Foundations. IEEE Computer Society Press, Los Alamitos, CA, 136-145
13. Freier, A. O., Karlton, P., and Kocher, P. C. 1996. The SSL Protocol Version 3.0. Internet Draft
14. Gallo, F. S. 1996. Penguin: Java done right. Perl J. 1, 2, 10-12
15. Gasser, M. and Mcdermott, E. 1990. An architecture for practical delegation in a distributed system. In Proceedings of the IEEE Symposium on Research in Security and Privacy (Oakland, CA). IEEE Computer Society Press, Los Alamitos, CA, 20-30
16. Giuri, L. and Iglio, P. 1997. Role templates for content-based access control. In Proceedings of the Second ACM Workshop on Role-based Access Control (RBAC '97, Fairfax, VA, Nov. 6-7, 1997), C. Youman, E. Coyne, and T. Jaeger, Eds. ACM Press, New York, NY, 153-159
17. Goldberg, Y., Safran, M., and Shapiro, E. 1992. Active mail-a framework for implementing groupware. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW '92, Toronto, Canada, Oct. 31-Nov. 4), M. Mantel and R. Baecker, Eds. ACM Press, New York, NY, 75-83
18. Gong, L. 1997. Enclaves: Enabling secure communication over the internet. IEEE J. Sel. Areas Commun. 15, 3 (Apr.)
19. Gong, L. 1997. Java security: Present and near future. IEEE Micro 17, 3, 14-19
20. Gosling, J., Joy, B., and Steele, G. 1996. The Java Language Specification. Addison-Wesley, Reading, MA
21. Grimm, R. and Bershad, B. N. 1998. Providing policy-neutral and transparent access control in extensible systems. Technical Report Number UW-CSE-98-02-02. University of Washington, Seattle, WA
22. Hagimont, D. and Ismail, L. 1997. A protection scheme for mobile agents on Java. In Proceedings of the 3rd Annual ACM/IEEE International Conference on Mobile Computing and Networking (MOBICOM '97, Budapest, Hungary, Sept. 26-30, 1997), L. Pap, K. Sohraby, D. B. Johnson, and C. Rose, Eds. ACM Press, New York, NY, 215-222
23. Halevi, S. and Krawczyk, H. 1997. MMH: Software message authentication in the Gbit/s rates. In Proceedings of the Fourth Workshop on Fast Encryption
24. Hawblitzel, C., Chang, C.-C., Czajkowski, G., Hu, D., and Von Eicken, T. 1998. IMPLEMENTING MULTIPLE PROTECTION DOMAINS IN JAVA. IN Proceedings of the 1998 USENIX Conference. USENIX Assoc., Berkeley, CA
25. Islam, N., Anand, R., Jaeger, T., and Rao, J. R. 1997. A flexible security model for using Internet content. IEEE Softw. 14, 5 (Sept.)
26. Jaeger, T., Elphinstone, K., Liedtke, J., Panteleenko, V., and Park, Y. 1999. Flexible access control using IPC redirection. In Proceedings of the 7th Workshop on Hot Topics in Operating Systems
27. Jaeger, T., Giraud, F., Islam, N., and Liedtke, J. 1997. A role-based access control model for protection domain derivation and management. In Proceedings of the Second ACM Workshop on Role-based Access Control (RBAC '97, Fairfax, VA, Nov. 6-7, 1997), C. Youman, E. Coyne, and T. Jaeger, Eds. ACM Press, New York, NY, 95-106
28. Jaeger, T., Liedtke, J., and Islam, N. 1998. Operating system protection for fine-grained programs. In Proceedings of the 7th USENIX Security Symposium (Jan.). USENIX Assoc., Berkeley, CA, 143-156
29. Jaeger, T. and Prakash, A. 1994. Support for the file system security requirements of computational E-mail systems. In Proceedings of the 2nd ACM Conference on Computer and Communications Security (Fairfax, VA, Nov. 2-4), D. Denning, R. Pyle, R. Ganesan, and R. Sandhu, Eds. ACM Press, New York, NY, 1-9
30. Jaeger, T. and Prakash, A. 1995. Implementation of a discretionary access control model for script-based systems. In Proceedings of the 8th IEEE Workshop on Computer Security Foundations. IEEE Computer Society Press, Los Alamitos, CA, 70-84
31. Jaeger, T., Rubin, A., and Prakash, A. 1996. Building systems that flexibly control downloaded executable content. In Proceedings of the 6th USENIX Security Symposium. USENIX Assoc., Berkeley, CA, 131-148
32. Kain, R. Y. and Landwehr, C. E. 1986. On access checking in capability-based systems. In Proceedings of the 1986 IEEE Symposium on Security and Privacy (Oakland, CA, Apr. 7-9, 1986). IEEE Computer Society Press, Los Alamitos, CA, 95-100
33. Karjoth, G. 1998. Authorization in CORBA security. In Proceedings of the Conference on ESORICS
34. Knister, M. and Prakash, A. 1993. Issues in the design of a toolkit for supporting multiple group editors. Comput. Syst. 6, 2, 135-166
35. Lampson, B., Abadi, M., Burrows, M., and Wobber, E. 1992. Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst. 10, 4 (Nov. 1992), 265-310
36. Lee, J., Prakash, A., Jaeger, T., and Wu, G. 1996. Supporting multi-user multi-applet workspaces in CBE. In Proceedings of the 6th ACM Conference on Computer-Supported Coorperative Work (CSCW '96, Boston MA, Nov.). ACM Press, New York, NY, 344-353
37. Levy, J. Y. and Ousterhout, J. K. 1995. Safe Tcl: A toolbox for constructing electronic meeting places. In Proceedings of the First USENIX Workshop on Electronic Commerce. USENIX Assoc., Berkeley, CA, 133-135
38. Liedtke, J. 1992. Clans & chiefs. In Architektur von Rechensystemen. Springer-Verlag, Vienna, Austria
39. Liedtke, J. 1995. On-kernel construction. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SIGOPS '95, Copper Mountain Resort, CO, Dec. 3-6), M. B. Jones, Ed. ACM Press, New York, NY
40. Lupu, E. and Sloman, M. 1997. Reconciling role based management and role based access control. In Proceedings of the Second ACM Workshop on Role-based Access Control (RBAC '97, Fairfax, VA, Nov. 6-7, 1997), C. Youman, E. Coyne, and T. Jaeger, Eds. ACM Press, New York, NY, 135-141
41. Minear, S. E. 1995. Providing policy control over object operations in a Mach-based system. In Proceedings of the 5th USENIX Security Symposium. USENIX Assoc., Berkeley, CA
42. Minsky, N. H. and Ungureanu, V. 1998. Unified support for heterogenous security policies in distributed systems. In Proceedings of the 7th USENIX Security Symposium (Jan.). USENIX Assoc., Berkeley, CA, 131-142
43. Ousterhout, J. K. 1994. Tcl and the Tk Toolkit. Addison-Wesley Professional Computing Series. Addison-Wesley Longman Publ. Co., Inc., Reading, MA
44. Ousterhout, J. K., Levy, J. Y., and Welch, B. B. 1998. The Safe-Tcl security model. In Proceedings of the 23rd USENIX Annual Conference. USENIX Assoc., Berkeley, CA
45. Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sept.), 1278-1308
46. Sandhu, R. 1998. Role activation hierarchies. In Proceedings of the Third ACM Workshop on Role-Based Access Control (RBAC '98, Fairfax, VA, Oct. 22-23, 1998), C. Youman and T. Jaeger, Eds. ACM Press, New York, NY, 33-40
47. Sandhu, R. S., Bhamidipati, V., and Munawer, Q. 1999. The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 1, 2 (Feb.)
48. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. 1996. Role-based access control models. IEEE Comput. 29, 2, 38-47
49. Thomsen, D., O'Brien, D., and Bogle, J. 1998. Role based access control framework for network enterprises. In Proceedings of the 14th Conference on Computer Security Applications. IEEE Computer Society Press, Los Alamitos, CA
50. Wallace, D. S. and Felten, E. W. 1998. Understanding Java stack introspection. In Proceedings of the 1998 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA
51. White, J. E. 1995. Telescript Language Reference Manual. Available from www.genmagic-.com
52. Wobber, E., Abadi, M., Burrows, M., and Lampson, B. 1994. Authentication in the Taos operating system. ACM Trans. Comput. Syst. 12, 1 (Feb. 1994), 3-32