Tools
Sorted by:
Try your query at:
 |
 |
 |
 |
 |
 |
Results 1 - 10
of
4,663
A Security Architecture for Computational Grids
, 1998
"... State-of-the-art and emerging scientific applications require fast access to large quantities of data and commensurately fast computational resources. Both resources and data are often distributed in a wide-area network with components administered locally and independently. Computations may involve ..."
Abstract
-
Cited by 568 (47 self)
- Add to MetaCart
involve hundreds of processes that must be able to acquire resources dynamically and communicate e#ciently. This paper analyzes the unique security requirements of large-scale distributed (grid) computing and develops a security policy and a corresponding security architecture. An implementation
Language-Based Information-Flow Security
- IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS
, 2003
"... Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."
Abstract
-
Cited by 827 (57 self)
- Add to MetaCart
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker
Lattice-Based Access Control Models
, 1993
"... The objective of this article is to give a tutorial on lattice-based access control models for computer security. The paper begins with a review of Denning's axioms for information flow policies, which provide a theoretical foundation for these models. The structure of security labels in the ..."
Abstract
-
Cited by 1518 (61 self)
- Add to MetaCart
The objective of this article is to give a tutorial on lattice-based access control models for computer security. The paper begins with a review of Denning's axioms for information flow policies, which provide a theoretical foundation for these models. The structure of security labels
Improving Host Security with System Call Policies
- In Proceedings of the 12th Usenix Security Symposium
, 2002
"... We introduce a system that eliminates the need to run programs in privileged process contexts. Using our system, programs run unprivileged but may execute certain operations with elevated privileges as determined by a configurable policy eliminating the need for suid or sgid binaries. We present the ..."
Abstract
-
Cited by 330 (0 self)
- Add to MetaCart
training session or generate them interactively during program execution. The policies describe the desired behavior of services or user applications on a system call level and are enforced to prevent operations that are not explicitly permitted. We show that Systrace is efficient and does not impose
SASI Enforcement of Security Policies: A Retrospective
- ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
, 2000
"... SASI enforces security policies by modifying object code for a target system before that system is executed. The approach has been prototyped for two rather different machine architectures: Intel x86 and Java JVML. Details of these prototypes and some generalizations about the SASI approach are di ..."
Abstract
-
Cited by 240 (16 self)
- Add to MetaCart
SASI enforces security policies by modifying object code for a target system before that system is executed. The approach has been prototyped for two rather different machine architectures: Intel x86 and Java JVML. Details of these prototypes and some generalizations about the SASI approach
Integrating Flexible Support for Security Policies into the Linux Operating System
"... The protection mechanisms of current mainstream operating systems are inadequate to support confidentiality and integrity requirements for end systems. Mandatory access control (MAC) is needed to address such requirements, but the limitations of traditional MAC have inhibited its adoption into mains ..."
Abstract
-
Cited by 312 (9 self)
- Add to MetaCart
into mainstream operating systems. The National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a flexible MAC architecture called Flask to overcome the limitations of traditional MAC. The NSA has implemented this architecture in the Linux operating system, producing a Security
Secure Execution Via Program Shepherding
, 2002
"... We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code or ..."
Abstract
-
Cited by 308 (5 self)
- Add to MetaCart
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code
Computability Classes for Enforcement Mechanisms
- ACM Transactions on Programming Languages and Systems
, 2003
"... A precise characterization of those security policies enforceable by program rewriting is given. This characterization exposes and rectifies problems in prior work on execution monitoring, yielding a more precise characterization of those security policies enforceable by execution monitors and a ..."
Abstract
-
Cited by 112 (19 self)
- Add to MetaCart
taxonomy of enforceable security policies. Some but not all classes can be identified with known classes from computational complexity theory.
Results 1 - 10
of
4,663
