Next: About this document ...
Up: The Flask Security Architecture:
Previous: Acknowledgments
- 1
-
M. D. Abrams.
Renewed Understanding of Access Control Policies.
In Proceedings of the 16th National Computer Security
Conference, pages 87-96, Oct. 1993.
- 2
-
M. D. Abrams, L. J. LaPadula, K. W. Eggers, and I. M. Olson.
A Generalized Framework for Access Control: An Informal Description.
In Proceedings of the 13th National Computer Security
Conference, pages 135-143, Oct. 1990.
- 3
-
D. E. Bell and L. J. La Padula.
Secure Computer Systems: Mathematical Foundations and Model.
Technical Report M74-244, The MITRE Corporation, Bedford, MA, May
1973.
- 4
-
T. C. V. Benzel, E. J. Sebes, and H. Tajalli.
Identification of Subjects and Objects in a Trusted Extensible Client
Server Architecture.
In Proceedings of the 18th National Information Systems Security
Conference, pages 83-99, 1995.
- 5
-
B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. E. Fiuczynski, D. Becker,
C. Chambers, and S. Eggers.
Extensibility, Safety, and Performance in the SPIN Operating
System.
In Proc. of the 15th ACM Symp. on Operating Systems
Principles, pages 267-284, Copper Mountain, CO, Dec. 1995.
- 6
-
W. E. Boebert and R. Y. Kain.
A Practical Alternative to Hierarchical Integrity Policies.
In Proceedings of the Eighth National Computer Security
Conference, 1985.
- 7
-
M. I. Bushnell.
Towards a New Strategy of OS Design.
GNU's Bulletin, 1(16), Jan. 1994.
- 8
-
M. Carney and B. Loe.
A Comparison of Methods for Implementing Adaptive Security Policies.
In Proceedings of the Seventh USENIX Security Symposium, pages
1-14, Jan. 1998.
- 9
-
A. Chitturi.
Implementing Mandatory Network Security in a Policy-flexible System.
Master's thesis, University of Utah, 1998.
pp. 70.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.html.
- 10
-
D. F. Ferraiolo, J. A. Cugini, and D. R. Kuhn.
Role-Based Access Control (RBAC): Features and Motivations.
In Proceedings of the Eleventh Annual Computer Security
Applications Conference, Dec. 1995.
- 11
-
T. Fine and S. E. Minear.
Assuring Distributed Trusted Mach.
In Proceedings IEEE Computer Society Symposium on Research in
Security and Privacy, pages 206-218, May 1993.
- 12
-
B. Ford, G. Back, G. Benson, J. Lepreau, A. Lin, and O. Shivers.
The Flux OSKit: A Substrate for OS and Language Research.
In Proc. of the 16th ACM Symp. on Operating Systems
Principles, pages 38-51, St. Malo, France, Oct. 1997.
- 13
-
B. Ford, M. Hibler, J. Lepreau, R. McGrath, and P. Tullmann.
Interface and Execution Models in the Fluke Kernel.
In Proceedings of the 3rd USENIX Symposium on Operating Systems
Design and Implementation, pages 101-116, Feb. 1999.
- 14
-
B. Ford, M. Hibler, J. Lepreau, P. Tullmann, G. Back, and S. Clawson.
Microkernels Meet Recursive Virtual Machines.
In Proceedings of the Symposium on Operating Systems Design and
Implementations, pages 137-151, Oct. 1996.
- 15
-
T. Fraser and L. Badger.
Ensuring Continuity During Dynamic Security Policy Reconfiguration in
DTE.
In Proceedings of the 1998 IEEE Symposium on Security and
Privacy, pages 15-26, May 1998.
- 16
-
M. Gasser.
Building a Secure Computer Systems.
Van Nostrand Reinhold Company, 1988.
- 17
-
I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer.
A Secure Environment for Untrusted Helper Applications.
In Proceedings of the 6th Usenix Security Symposium, July 1996.
- 18
-
L. Gong.
A Secure Identity-Based Capability System.
In Proceedings of the 1989 IEEE Symposium on Security and
Privacy, pages 56-63, May 1989.
- 19
-
R. Graubart.
On the Need for a Third Form of Access Control.
In Proceedings of the 12th National Computer Security
Conference, pages 296-304, Oct. 1989.
- 20
-
R. Grimm and B. N. Bershad.
Providing Policy-Neutral and Transparent Access Control in Extensible
Systems.
In J. Vitek and C. Jensen, editors, Secure Internet Programming:
Security Issues for Distributed and Mobile Objects, volume 1603 of Lecture Notes in Computer Science. Springer-Verlag, June 1999.
- 21
-
N. Hardy.
The Confused Deputy.
Operating Systems Review, 22(4):36-38, Oct. 1988.
- 22
-
T. Jaeger, J. Liedtke, and N. Islam.
Operating System Protection for Fine-Grained Programs.
In Proceedings of the Seventh USENIX Security Symposium, pages
143-157, Jan. 1998.
- 23
-
R. Kain and C. Landwehr.
On Access Checking in Capability-Based Systems.
In Proceedings of the 1986 IEEE Symposium on Security and
Privacy, pages 66-77, May 1986.
- 24
-
P. A. Karger.
New Methods for Immediate Revocation.
In Proceedings of the 1989 IEEE Symposium on Security and
Privacy, pages 48-55, May 1989.
- 25
-
P. A. Karger and A. J. Herbert.
An Augmented Capability Architecture to Support Lattice Security and
Traceability of Access.
In Proceedings of the 1984 IEEE Symposium on Security and
Privacy, pages 2-12, May 1984.
- 26
-
S. Kent and R. Atkinson.
Security Architecture for the Internet Protocol.
RFC 2401, Internet Engineering Task Force, Nov. 1998.
ftp://ftp.isi.edu/in-notes/rfc2401.txt.
- 27
-
S. R. Kleiman.
Vnodes: An Architecture for Multiple File System Types in Sun
UNIX.
In Proc. of the Summer 1986 USENIX Conf., pages 238-247,
Atlanta, GA, June 1986.
- 28
-
C. R. Landau.
Security in a Secure Capability-Based System.
Operating Systems Review, pages 2-4, Oct. 1989.
- 29
-
R. Levin, E. Cohen, W. Corwin, P. F., and W. Wulf.
Policy/mechanism separation in Hydra.
In Proceedings of the Fifth Symposium on Operating Systems
Principles, pages 132-140, Unversity of Texas at Austin, Nov. 1975.
ACM/SIGOPS.
- 30
-
J. Liedtke.
Clans and Chiefs.
In Architektur von Rechensystemen. Springer-Verlag, Mar. 1992.
- 31
-
K. Loepere.
Mach 3 Kernel Interfaces.
Open Software Foundation and Carnegie Mellon University, Nov. 1992.
- 32
-
P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner,
and J. F. Farrell.
The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments.
In Proceedings of the 21st National Information Systems Security
Conference, pages 303-314, Oct. 1998.
http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf.
- 33
-
D. Maughan, M. Schertler, M. Schneider, and J. Turner.
Internet Security Association and Key Management Protocol (ISAKMP).
RFC 2408, Internet Engineering Task Force, Nov. 1998.
ftp://ftp.isi.edu/in-notes/rfc2408.txt.
- 34
-
C. J. McCollum, J. R. Messing, and L. Notargiacomo.
Beyond the pale of MAC and DAC - defining new forms of access
control.
In Proceedings of the 1990 IEEE Symposium on Security and
Privacy, pages 190-200, May 1990.
- 35
-
S. E. Minear.
Providing Policy Control Over Object Operations in a Mach Based
System.
In Proceedings of the Fifth USENIX UNIX Security Symposium,
pages 141-156, June 1995.
- 36
-
J. G. Mitchell, J. J. Gibbons, G. Hamilton, P. B. Kessler, Y. A. Khalidi,
P. Kougiouris, P. W. Madany, M. N. Nelson, M. L. Powell, and S. R. Radia.
An Overview of the Spring System.
In A Spring Collection. Sun Microsystems, Inc., 1994.
- 37
-
T. Mitchem, R. Lu, and R. O'Brien.
Using Kernel Hypervisors to Secure Applications.
In Proceedings of the Annual Computer Security Applications
Conference, Dec. 1997.
- 38
-
D. Olawsky, T. Fine, E. Schneider, and R. Spencer.
Developing and Using a ``Policy Neutral'' Access Control Policy.
In Proceedings of the New Security Paradigms Workshop. ACM,
Sept. 1996.
- 39
-
E. I. Organick.
The Multics System : An Examination of its Structure.
MIT Press, 1972.
- 40
-
S. A. Rajunas, N. Hardy, A. C. Bomberger, W. S. Frantz, and C. R. Landau.
Security in KeyKOS.
In Proceedings of the 1986 IEEE Symposium on Security and
Privacy, pages 78-85, Apr. 1986.
- 41
-
S. G. Ravi Sandhu, Venkata Bhamidipati and C. Youman.
The ARBAC97 Model for Role-Based Administration of Roles: Preliminary
Description and Outline.
In Proceedings of the Second ACM Workshop on Role-Based Access
Control, pages 41-50, Nov. 1997.
- 42
-
D. Redell and R. Fabry.
Selective Revocation of Capabilities.
In Proceedings of the International Workshop on Protection in
Operating Systems, pages 192-209, Aug. 1974.
- 43
-
Secure Computing Corp.
DTOS Generalized Security Policy Specification.
DTOS CDRL A019, 2675 Long Lake Rd, Roseville, MN 55113, June 1997.
http://www.securecomputing.com/randt/HTML/dtos.html.
- 44
-
Secure Computing Corp.
Assurance in the Fluke Microkernel: Formal Security Policy Model.
CDRL A003, 2675 Long Lake Rd, Roseville, MN 55113, Feb. 1999.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.html.
- 45
-
Secure Computing Corp.
Assurance in the Fluke Microkernel: Formal Top-Level
Specification.
CDRL A004, 2675 Long Lake Rd, Roseville, MN 55113, Feb. 1999.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.html.
- 46
-
M. I. Seltzer, Y. Endo, C. Small, and K. A. Smith.
Dealing With Disaster: Surviving Misbehaved Kernel Extensions.
In Proc. of the Second Symp. on Operating Systems Design and
Implementation, pages 213-227, Seattle, WA, Oct. 1996. USENIX Assoc.
- 47
-
J. S. Shapiro.
EROS: A Capability System.
Technical Report Technical Report MS-CIS-97-04, University of
Pennsylvania, Department of Computer and Information Science, 1997.
- 48
-
D. F. Sterne, M. Branstad, B. Hubbard, and B. M. D. Wolcott.
An Analysis of Application Specific Security Policies.
In Proceedings of the 14th National Computer Security
Conference, pages 25-36, Oct. 1991.
- 49
-
SunSoft, Inc.
Spring Programmer's Guide, 1995.
On-line documentation included in the Spring Research Distribution
1.0.
- 50
-
D. S. Wallach, D. Balfanz, D. Dean, and E. W. Felten.
Extensible Security Architectures for Java.
In Proc. of the 16th ACM Symp. on Operating Systems
Principles, pages 116-128, Oct. 1997.
- 51
-
R. M. Wong.
A Comparison of Secure Unix Operating Systems.
In Proceedings of the Sixth Annual Computer Security
Applications Conference, pages 322-333, Dec. 1990.
- 52
-
W. Wulf, R. Levin, and P. Harbison.
Hydra/C.mmp: An Experimental Computer System.
McGraw-Hill, 1981.
- 53
-
M. E. Zurko and R. Simon.
User-Centered Security.
In Proceedings of the New Security Paradigms Workshop, Sept.
1996.
Stephen D. Smalley
1999-07-13