Outline *Introduction Policy Flexibility Insufficiency of Popular Mechanisms *Related Work Flask Design and Implementation Results Summary ence and Technol *Other Flask object managers Current Status 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
Outline ❖Introduction ❖Policy Flexibility ❖Insufficiency of Popular Mechanisms ❖Related Work ❖Flask Design and Implementation ❖Results ❖Summary ❖Other Flask object managers ❖Current Status
Outline Introduction Policy Flexibility Insufficiency of Popular Mechanisms *Related Work Flask Design and Implementation Results Summary ence and Technolo *Other Flask object managers Current Status 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
Outline ❖Introduction ❖Policy Flexibility ❖Insufficiency of Popular Mechanisms ❖Related Work ❖Flask Design and Implementation ❖Results ❖Summary ❖Other Flask object managers ❖Current Status
Introduction The notion of"security"in a system is defined in terms of its security policy A wide range of security policies exist due to the diversity of computing environments Operating systems must be flexible in support for security policies to accommodate the spectrum of security policies of Science and Technolog 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
Introduction ❖The notion of “security” in a system is defined in terms of its security policy ❖A wide range of security policies exist due to the diversity of computing environments ❖Operating systems must be flexible in support for security policies to accommodate the spectrum of security policies
Supporting policy flexibility is not as simple as just implementing multiple policies 3 Requirements of Policy Flexibility >Support fine-grained access controls on low-level objects >Propagate access rights according to security policy >Deal with changes in policy over time,including revoking previously granted permissions of Science and Technolo 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
❖Supporting policy flexibility is not as simple as just implementing multiple policies ❖3 Requirements of Policy Flexibility ➢Support fine-grained access controls on low-level objects ➢Propagate access rights according to security policy ➢Deal with changes in policy over time, including revoking previously granted permissions
Earlier systems provided some mechanisms to implement policy flexibility >Previous systems failed to address all three requirements at once This paper describes Flask architecture and a microkernel based prototype to demonstrate that policy flexibility is feasible 1958 Flask is based on the concept of mandatory access controls (MAC) Compare to discretionary access controls(DAC) ot Science and Technole 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
❖ Earlier systems provided some mechanisms to implement policy flexibility ➢ Previous systems failed to address all three requirements at once ❖ This paper describes Flask architecture and a microkernel based prototype to demonstrate that policy flexibility is feasible ❖ Flask is based on the concept of mandatory access controls (MAC) ➢ Compare to discretionary access controls (DAC)