Asbestos: Securing Untrusted Software with Interposition
Final technical rept.
NEW YORK UNIV NY DEPT OF COMPUTER SCIENCE
Pagination or Media Count:
The main goal of the Asbestos effort was to build an operating system that allows users to control applications using encapsulation, without having to understand the application security properties. The specific tasks undertaken were to study interposition - as a mechanism for controlling software, to investigate extensions of the interface to mandatory access control, to work out detailed message sequences for example applications, and to develop a prototype implementation of Asbestos. In the end, after examination of example applications a hug-proof web server and our mandatory access control mechanism, led to the realization that the proper mandatory access control mechanism can suffice for the kinds of security properties we wished to achieve. Thus, the prototype implementation relies mostly on Asbestoss mandatory labeling mechanism for security, not interposition.
- Computer Systems Management and Standards