As information exchange over wide area networks becomes an increasingly essential component of new applications, firewalls will no longer provide an adequate defense against malicious attackers. Individual workstations will need to provide strong enough security to contain malicious processes and prevent the domino effect of a pierced firewall. Some of the most commonly found security holes today result from the fact that simple operations can be surprisingly difficult to implement correctly on top of a traditional POSIX-like interface. We claim that by combining hierarchically-named capabilities, a novel generalization of the Unix user and group ID concept, with the low-level system calls of an exokernel operating system, we can achieve a system-call interface which is flexible enough to avoid much of the complexity that often leads to security holes in discretionary access control operating systems like Unix.
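The abstract's claim that "simple operations can be surprisingly difficult to implement correctly on top of a traditional POSIX-like interface" is most visible in the check-then-use race on a file name. The following is an added example, not code from the paper or its authors: a race-prone create-if-absent pattern (access() followed by open()) beside a hardened version that lets the kernel do the existence check atomically (O_EXCL) and validates the object through the descriptor with fstat() rather than through the name. The flags assume a Linux/POSIX.1-2008 libc; the scratch directory under /tmp (with a fall-back to the working directory) is a constructed test fixture.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Race-prone 'before' pattern: decide on the name, then act on the name.
 * Between access() and open() the name can be rebound (a symlink left in a
 * shared directory by another process), so the check says nothing about the
 * object open() eventually returns. Kept only as the illustration. */
int check_then_open(const char *path)
{
    if (access(path, F_OK) == 0)                 /* "does it already exist?" */
        return -1;
    return open(path, O_WRONLY | O_CREAT, 0600); /* follows whatever the name is now */
}

/* Hardened version: O_CREAT|O_EXCL makes the kernel create the file only if
 * the name is unused (a symlink occupying the name counts as used), and the
 * descriptor, not the path, is then checked to be a plain file we own. */
int create_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                               /* errno == EEXIST when the name is taken */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1
        || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Exercises both versions in a private scratch directory (constructed
 * fixture). Returns 0 when the hardened version behaves as described;
 * each nonzero bit names the expectation that failed. */
int run_checks(void)
{
    char dir[64] = "/tmp/exclusive-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) {                  /* fall back if /tmp is unusable */
        strcpy(dir, "./exclusive-demo-XXXXXX");
        if (mkdtemp(dir) == NULL)
            return 1;
    }
    char file[128], link[128];
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(link, sizeof link, "%s/alias", dir);
    int rc = 0;

    int fd = create_exclusive(file);             /* fresh name: must succeed */
    if (fd < 0) rc |= 2; else close(fd);
    if (create_exclusive(file) != -1 || errno != EEXIST)
        rc |= 4;                                 /* second attempt: refused atomically */

    /* A symlink now occupies a second name. The hardened open refuses it;
     * the plain O_CREAT open used by check_then_open follows it instead. */
    if (symlink(file, link) != 0) rc |= 8;
    if (create_exclusive(link) != -1) rc |= 16;
    int naive = open(link, O_WRONLY | O_CREAT, 0600);
    if (naive < 0) rc |= 32; else close(naive);

    unlink(link);
    unlink(file);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_checks();
    printf("run_checks() -> %d (%s)\n", rc, rc == 0 ? "hardened path behaved as expected" : "unexpected");
    return rc == 0 ? 0 : 1;
}
```

The point of the fstat() step is that once a descriptor is held, no rename or relink of the path can change what it refers to, which is exactly the property a name-based check lacks.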