Internet Archive Scholar

Labels and event processes in the asbestos operating system

Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek, Robert Morris
2005 ACM SIGOPS Operating Systems Review  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (258.6 kB)
https://web.archive.org/web/20170810025929/http://courses.cs.vt.edu/cs5204/fall12-kafura/Papers/Security/Asbestos-OS-Labels-Events.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and systemwide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while
more » ... preventing it from leaking any single user's data to any other user. A Web server that uses Asbestos labels to isolate user data requires about 1.5 memory pages per user, demonstrating that additional security can come at an acceptable cost.
doi:10.1145/1095809.1095813 fatcat:fascf7yijrgkdp7bhfwotbhyzy
Citation

Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek, Robert Morris. "Labels and event processes in the asbestos operating system." ACM SIGOPS Operating Systems Review 39.5 (2005) 17