Embedded System Laboratory, Suzhou Institute for Advanced Study of USTC
❖ What’s ahead
  ➢ Elaboration on meaning of policy flexibility
  ➢ Discussion of two popular mechanisms that limit policy flexibility
  ➢ Flask architecture overview and prototype
  ➢ Evaluation of Flask prototype
Outline
❖ Introduction
❖ Policy Flexibility
❖ Insufficiency of Popular Mechanisms
❖ Related Work
❖ Flask Design and Implementation
❖ Results
❖ Summary
❖ Other Flask object managers
❖ Current Status
Policy Flexibility
❖ How?
  ➢ List all known security policies and define flexibility through that list?
    ⚫ Unrealistic
❖ A better definition is needed!
❖ It is more useful to define security policy flexibility by viewing the computer system as an abstract state machine with atomic state transformations
❖ Total flexibility is achieved when security policy knows entire state of system and can affect all operations in the system
  ➢ Allow/deny operation
  ➢ Atomically inject handler routines
  ➢ It is possible to modify the existing security policy and to revoke any previously granted access
❖ Total flexibility is obviously not possible in a real system
❖ A more realistic approach is to ask what subset of system state and operations are relevant to security
  ➢ Flexibility of a practical system therefore depends on how complete the set of control operations is and what portion of the state is available to the security policy
  ➢ Granularity of the controlled operations affects the degree of flexibility because it impacts the granularity at which sharing can be controlled
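
Added example (not from the slides, and not Flask code): a toy state machine in which every transition is checked against a replaceable policy, showing how the granularity of controlled operations limits sharing and how re-checking at use time revokes a previously granted access. The names `Machine`, `FINE`, `COARSE`, the handle mechanism and the sample subjects and file are assumptions made for illustration.

```python
# Added illustration; all names and sample data are constructed.
FINE = {"read": "read", "write": "write"}        # two controlled operations
COARSE = {"read": "access", "write": "access"}   # one controlled operation


class Machine:
    """Toy state machine: each transition is checked against the policy."""

    def __init__(self, rules, controlled_ops):
        self.rules = set(rules)          # policy: (subject, controlled op, object)
        self.ops = controlled_ops        # operations the policy can tell apart
        self.files = {"report": ["v1"]}  # the part of system state modelled here
        self.handles = []                # previously granted accesses

    def allowed(self, subject, op, obj):
        return (subject, self.ops[op], obj) in self.rules

    def open(self, subject, op, obj):
        """Grant a handle if the policy allows it; None means denied."""
        if not self.allowed(subject, op, obj):
            return None
        self.handles.append((subject, op, obj))
        return len(self.handles) - 1

    def use(self, handle, data=None):
        """Use a handle; the policy is re-checked, so revocation takes effect."""
        subject, op, obj = self.handles[handle]
        if not self.allowed(subject, op, obj):
            return False
        if op == "write":
            self.files[obj].append(data)
        return True


def demo():
    fine = Machine({("alice", "read", "report"), ("alice", "write", "report"),
                    ("bob", "read", "report")}, FINE)
    # With one coarse operation, letting bob read forces granting "access".
    coarse = Machine({("alice", "access", "report"),
                      ("bob", "access", "report")}, COARSE)
    out = {
        "fine_bob_read": fine.open("bob", "read", "report") is not None,
        "fine_bob_write": fine.open("bob", "write", "report") is not None,
        "coarse_bob_write": coarse.open("bob", "write", "report") is not None,
    }
    h = fine.open("alice", "write", "report")
    out["before_revoke"] = fine.use(h, "v2")
    fine.rules.discard(("alice", "write", "report"))   # policy change
    out["after_revoke"] = fine.use(h, "v3")            # old handle now refused
    out["contents"] = list(fine.files["report"])
    return out
```

With the coarse operation set the policy cannot share the file read-only: granting bob read access also grants write.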