My undergraduate thesis on a capability-based security system for a data-centric operating system.
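@inproceedings{twizzler,
  author    = {Bittman, Daniel and Alvaro, Peter and Mehra, Pankaj and
               Long, Darrell D. E. and Miller, Ethan L.},
  title     = {Twizzler: a {Data-Centric} {OS} for {Non-Volatile} Memory},
  booktitle = {2020 {USENIX} Annual Technical Conference ({USENIX} {ATC} 20)},
  publisher = {USENIX Association},
  year      = {2020},
  month     = jul,
  pages     = {65--80},
  isbn      = {978-1-939133-14-4},
  url       = {https://www.usenix.org/conference/atc20/presentation/bittman},
}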
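@inproceedings{linux_security,
  author        = {Zhai, Gaoshou and Li, Yaodong},
  title         = {Analysis and Study of Security Mechanisms inside {Linux} Kernel},
  year          = {2009},
  month         = jan,
  pages         = {58--61},
  doi           = {10.1109/SecTech.2008.17},
  internal-note = {booktitle is missing and is required for an inproceedings
                   entry; the DOI prefix suggests the 2008 SecTech proceedings,
                   which would also put the year at 2008 rather than 2009 --
                   verify both against the publisher record before citing},
}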
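@article{ecdsa,
  author    = {Johnson, Don and Menezes, Alfred and Vanstone, Scott},
  title     = {The Elliptic Curve Digital Signature Algorithm ({ECDSA})},
  journal   = {International Journal of Information Security},
  publisher = {Springer-Verlag},
  address   = {Berlin, Heidelberg},
  year      = {2001},
  month     = aug,
  volume    = {1},
  number    = {1},
  pages     = {36--63},
  numpages  = {28},
  issn      = {1615-5262},
  doi       = {10.1007/s102070100002},
  keywords  = {Signature schemes, Elliptic curve cryptography, DSA, ECDSA},
  abstract  = {The Elliptic Curve Digital Signature Algorithm (ECDSA) is the
               elliptic curve analogue of the Digital Signature Algorithm (DSA).
               It was accepted in 1999 as an ANSI standard and in 2000 as IEEE
               and NIST standards. It was also accepted in 1998 as an ISO
               standard and is under consideration for inclusion in some other
               ISO standards. Unlike the ordinary discrete logarithm problem and
               the integer factorization problem, no subexponential-time
               algorithm is known for the elliptic curve discrete logarithm
               problem. For this reason, the strength-per-key-bit is
               substantially greater in an algorithm that uses elliptic curves.
               This paper describes the ANSI X9.62 ECDSA, and discusses related
               security, implementation, and interoperability issues.},
}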
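@book{cap-book,
  author        = {Levy, Henry M.},
  title         = {Capability-Based Computer Systems},
  publisher     = {Butterworth-Heinemann},
  address       = {USA},
  year          = {1984},
  isbn          = {0932376223},
  internal-note = {address should be the publisher's city rather than a
                   country -- fill in from the book's imprint page},
}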
@comment{TODO: fix this entry}
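@inproceedings{twizsec,
  author        = {Bittman, Daniel and Alvaro, Peter and Mehra, Pankaj and
                   Long, Darrell D. E. and Miller, Ethan L.},
  title         = {A Data Centric Model for {OS} Security},
  publisher     = {USENIX Association},
  month         = jul,
  pages         = {65--80},
  isbn          = {978-1-939133-14-4},
  url           = {https://www.usenix.org/conference/atc20/presentation/bittman},
  internal-note = {TODO: year and booktitle are missing (both required for an
                   inproceedings entry), and isbn, pages, url, publisher and
                   month are identical to the twizzler entry, so they were
                   probably copied -- verify every field against the actual
                   publication before citing},
}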
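@article{flume,
  author    = {Krohn, Maxwell and Yip, Alexander and Brodsky, Micah and
               Cliffer, Natan and Kaashoek, M. Frans and Kohler, Eddie and
               Morris, Robert},
  title     = {Information Flow Control for Standard {OS} Abstractions},
  journal   = {ACM SIGOPS Operating Systems Review},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  year      = {2007},
  month     = oct,
  volume    = {41},
  number    = {6},
  pages     = {321--334},
  numpages  = {14},
  issn      = {0163-5980},
  doi       = {10.1145/1323293.1294293},
  keywords  = {DIFC, decentralized information flow control, endpoints,
               reference monitor, system call interposition, web services},
  abstract  = {Decentralized Information Flow Control (DIFC) is an approach to
               security that allows application writers to control how data
               flows between the pieces of an application and the outside world.
               As applied to privacy, DIFC allows untrusted software to compute
               with private data while trusted security code controls the
               release of that data. As applied to integrity, DIFC allows
               trusted code to protect untrusted software from unexpected
               malicious inputs. In either case, only bugs in the trusted code,
               which tends to be small and isolated, can lead to security
               violations. We present Flume, a new DIFC model that applies at
               the granularity of operating system processes and standard OS
               abstractions (e.g., pipes and file descriptors). Flume was
               designed for simplicity of mechanism, to ease DIFC's use in
               existing applications, and to allow safe interaction between
               conventional and DIFC-aware processes. Flume runs as a user-level
               reference monitor on Linux. A process confined by Flume cannot
               perform most system calls directly; instead, an interposition
               layer replaces system calls with IPC to the reference monitor,
               which enforces data flow policies and performs safe operations on
               the process's behalf. We ported a complex web application
               (MoinMoin Wiki) to Flume, changing only 2\% of the original code.
               Performance measurements show a 43\% slowdown on read workloads
               and a 34\% slowdown on write workloads, which are mostly due to
               Flume's user-level implementation.},
}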
128