Results 1 - 10 of 2,981

Resource Containers: A New Facility for Resource Management in Server Systems

by Gaurav Banga, Peter Druschel, Jeffrey C. Mogul - In Operating Systems Design and Implementation, 1999
"... General-purpose operating systems provide inadequate support for resource management in large-scale servers. Applications lack sufficient control over scheduling and management of machine resources, which makes it difficult to enforce priority policies, and to provide robust and controlled service. ..."
Cited by 498 (10 self)
coincide in the process abstraction. This coincidence prevents a process that manages large numbers of network connections, for example, from properly allocating system resources among those connections. We propose and evaluate a new operating system abstraction called a resource container, which separates

Tor: The second-generation onion router

by Roger Dingledine - In 13th USENIX Security Symposium. Usenix, 2004
"... We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, an ..."
Cited by 1229 (33 self)
, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability

The Object-Oriented Database System Manifesto

by Malcolm Atkinson, François Bancilhon, David DeWitt, Klaus Dittrich, David Maier, Stanley Zdonik, 1989
"... This paper attempts to define an object-oriented database system. It describes the main features and characteristics that a system must have to qualify as an object-oriented database system. We have separated these characteristics into three groups: • Mandatory, the ones the system must satisfy in ..."
Cited by 361 (5 self)
This paper attempts to define an object-oriented database system. It describes the main features and characteristics that a system must have to qualify as an object-oriented database system. We have separated these characteristics into three groups: • Mandatory, the ones the system must satisfy

Improving Host Security with System Call Policies

by Niels Provos - In Proceedings of the 12th Usenix Security Symposium, 2002
"... We introduce a system that eliminates the need to run programs in privileged process contexts. Using our system, programs run unprivileged but may execute certain operations with elevated privileges as determined by a configurable policy eliminating the need for suid or sgid binaries. We present the ..."
Cited by 330 (0 self)
the design and analysis of the "Systrace" facility which supports fine grained process confinement, intrusion detection, auditing and privilege elevation. It also facilitates the often difficult process of policy generation. With Systrace, it is possible to generate policies automatically in a

Dune: Safe User-level Access to Privileged CPU Features

by Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazières, Christos Kozyrakis
"... Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes. Dune uses the virtualization hardware in modern processors to provide a process, rather than ..."
Cited by 40 (4 self)
to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector. The use of Dune greatly simplifies the implementation of these applications and provides significant performance advantages.

Preventing Privilege Escalation

by Niels Provos - In Proceedings of the 12th USENIX Security Symposium, 2003
"... Many operating system services require special privileges to execute their tasks. A programming error in a privileged service may open the door to system compromise in form of unauthorized acquisition of privileges. In the worst case, a remote attacker may obtain superuser privileges. In this paper, ..."
Cited by 146 (2 self)
, we discuss the methodology and design of privilege separation, a generic approach that lets parts of an application run without special privileges. Programming errors occurring in these now unprivileged parts of the application can no longer be abused to gain unauthorized privileges. Privilege

Privtrans: automatically partitioning programs for privilege separation

by David Brumley, Dawn Song - In SSYM’04: Proceedings of the 13th conference on USENIX Security Symposium, 2004
"... Privilege separation partitions a single program into two parts: a privileged program called the monitor and an unprivileged program called the slave. All trust and privileges are relegated to the monitor, which results in a smaller and more secure trust base. Previously the privilege separation pro ..."
Cited by 90 (4 self)
Privilege separation partitions a single program into two parts: a privileged program called the monitor and an unprivileged program called the slave. All trust and privileges are relegated to the monitor, which results in a smaller and more secure trust base. Previously the privilege separation

Forecasting Network Performance to Support Dynamic Scheduling Using the Network Weather Service

by Rich Wolski - In Proc. 6th IEEE Symp. on High Performance Distributed Computing, 1997
"... The Network Weather Service is a generalizable and extensible facility designed to provide dynamic resource performance forecasts in metacomputing environments. In this paper, we outline its design and detail the predictive performance of the forecasts it generates. While the forecasting methods are ..."
Cited by 228 (12 self)
The Network Weather Service is a generalizable and extensible facility designed to provide dynamic resource performance forecasts in metacomputing environments. In this paper, we outline its design and detail the predictive performance of the forecasts it generates. While the forecasting methods

Least Privilege in Separation Kernels

by Timothy E. Levin, Cynthia E. Irvine, Thuy D. Nguyen - In Proceedings of the 2006 International Conference on Security and Cryptography, 2006
"... Abstract: We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extend ..."
Cited by 15 (10 self)
Abstract: We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy

Separate Compilation for Standard ML

by Andrew W. Appel, David B. Macqueen, 1994
"... Languages that support abstraction and modular structure, such as Standard ML, Modula, Ada, and (more or less) C++, may have deeply nested dependency hierarchies among source files. In ML the problem is particularly severe because ML's powerful parameterized module (functor) facility entails de ..."
Cited by 142 (21 self)
Languages that support abstraction and modular structure, such as Standard ML, Modula, Ada, and (more or less) C++, may have deeply nested dependency hierarchies among source files. In ML the problem is particularly severe because ML's powerful parameterized module (functor) facility entails
Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University