Anil Madhavapeddy, Professor of Planetary Computing
The Case for Abstracting Security Policies
My first ever academic paper, written with the expert guidance of Alan Mycroft and my PhD colleagues Dave Scott and Richard Sharp! We worked on a system call policy language to help constrain application access to privileged resources, and implemented this on OpenBSD using systrace. The paper describing the declarative language was presented at SAM 2003 in Las Vegas.
"Untrusted code" is just as much a social problem as it is a technical problem. Looking for a complete solution is unrealistic: it is analogous to looking for a solution to crime in general. With this in mind, we do not claim that our proposed framework is a panacea. However, although a number of security problems remain (e.g. covert channel leakage), we claim that our system offers the potential to raise the security level of existing general purpose operating systems significantly.