Accession Number:

ADA440047

Title:

Asbestos: Securing Untrusted Software with Interposition

Descriptive Note:

Final technical rept.

Corporate Author:

NEW YORK UNIV NY DEPT OF COMPUTER SCIENCE

Report Date:

2005-09-01

Pagination or Media Count:

29.0

Abstract:

The main goal of the Asbestos effort was to build an operating system that allows users to control applications using encapsulation, without having to understand the application security properties. The specific tasks undertaken were to study interposition - as a mechanism for controlling software, to investigate extensions of the interface to mandatory access control, to work out detailed message sequences for example applications, and to develop a prototype implementation of Asbestos. In the end, after examination of example applications a hug-proof web server and our mandatory access control mechanism, led to the realization that the proper mandatory access control mechanism can suffice for the kinds of security properties we wished to achieve. Thus, the prototype implementation relies mostly on Asbestoss mandatory labeling mechanism for security, not interposition.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE