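% Bibliography database: operating-system security, capabilities, and signatures.
% One field per line; names are stored as "Last, First"; page ranges use "--".
% Text outside an entry is ignored by BibTeX, so these notes are comments.

@inproceedings{twizzler,
  author    = {Bittman, Daniel and Alvaro, Peter and Mehra, Pankaj and Long, Darrell D. E. and Miller, Ethan L.},
  title     = {Twizzler: a {Data-Centric} {OS} for {Non-Volatile} Memory},
  booktitle = {2020 USENIX Annual Technical Conference (USENIX ATC 20)},
  year      = {2020},
  month     = jul,
  pages     = {65--80},
  publisher = {USENIX Association},
  isbn      = {978-1-939133-14-4},
  url       = {https://www.usenix.org/conference/atc20/presentation/bittman},
}

% NOTE(review): booktitle, which this entry type requires, is missing here.
% The DOI suffix (SecTech.2008) and the year/month given (2009, January) look
% inconsistent; confirm the venue and date against the DOI record before citing.
@inproceedings{linux_security,
  author = {Zhai, Gaoshou and Li, Yaodong},
  title  = {Analysis and Study of Security Mechanisms inside {Linux} Kernel},
  year   = {2009},
  month  = jan,
  pages  = {58--61},
  doi    = {10.1109/SecTech.2008.17},
}

@article{ecdsa,
  author     = {Johnson, Don and Menezes, Alfred and Vanstone, Scott},
  title      = {The Elliptic Curve Digital Signature Algorithm ({ECDSA})},
  journal    = {Int. J. Inf. Secur.},
  year       = {2001},
  month      = aug,
  issue_date = {August 2001},
  volume     = {1},
  number     = {1},
  pages      = {36--63},
  numpages   = {28},
  publisher  = {Springer-Verlag},
  address    = {Berlin, Heidelberg},
  issn       = {1615-5262},
  doi        = {10.1007/s102070100002},
  url        = {https://doi.org/10.1007/s102070100002},
  keywords   = {Signature schemes, Elliptic curve cryptography, DSA, ECDSA},
  abstract   = {The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard and in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues.},
}

@book{cap-book,
  author    = {Levy, Henry M.},
  title     = {Capability-Based Computer Systems},
  year      = {1984},
  publisher = {Butterworth-Heinemann},
  address   = {USA},
  isbn      = {0932376223},
}

% TODO: this entry is incomplete. It has no booktitle and no year (both are
% required for this entry type), and its isbn, pages, url, publisher and month
% are identical to the twizzler entry above, so they were probably copied from
% it and may not describe this paper. Replace them with this paper's own
% publication data before citing.
@inproceedings{twizsec,
  author    = {Bittman, Daniel and Alvaro, Peter and Mehra, Pankaj and Long, Darrell D. E. and Miller, Ethan L.},
  title     = {A Data Centric Model for {OS} Security},
  month     = jul,
  pages     = {65--80},
  publisher = {USENIX Association},
  isbn      = {978-1-939133-14-4},
  url       = {https://www.usenix.org/conference/atc20/presentation/bittman},
}

@article{flume,
  author     = {Krohn, Maxwell and Yip, Alexander and Brodsky, Micah and Cliffer, Natan and Kaashoek, M. Frans and Kohler, Eddie and Morris, Robert},
  title      = {Information flow control for standard {OS} abstractions},
  journal    = {SIGOPS Oper. Syst. Rev.},
  year       = {2007},
  month      = oct,
  issue_date = {December 2007},
  volume     = {41},
  number     = {6},
  pages      = {321--334},
  numpages   = {14},
  publisher  = {Association for Computing Machinery},
  address    = {New York, NY, USA},
  issn       = {0163-5980},
  doi        = {10.1145/1323293.1294293},
  url        = {https://doi.org/10.1145/1323293.1294293},
  keywords   = {DIFC, decentralized information flow control, endpoints, reference monitor, system call interposition, web services},
  abstract   = {Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world. As applied to privacy, DIFC allows untrusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity, DIFC allows trusted code to protect untrusted software from unexpected malicious inputs. In either case, only bugs in the trusted code, which tends to be small and isolated, can lead to security violations. We present Flume, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors). Flume was designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes. Flume runs as a user-level reference monitor on Linux. A process confined by Flume cannot perform most system calls directly; instead, an interposition layer replaces system calls with IPC to the reference monitor, which enforces data flow policies and performs safe operations on the process's behalf. We ported a complex web application (MoinMoin Wiki) to Flume, changing only 2\% of the original code. Performance measurements show a 43\% slowdown on read workloads and a 34\% slowdown on write workloads, which are mostly due to Flume's user-level implementation.},
}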