TAILIEUCHUNG - Labels and Event Processes in the Asbestos Operating System

Key elements of successful programmes Key elements of successful WHP programmes include: establishing clear goals and objectives, linking programmes to business objectives; strong management support; effective communication with, and involvement of, employees at all levels of development and implementation of the WHP programme; creating supportive environments; adapting the programme to social norms and building social support; considering incentives to foster adherence to the programmes and improving self-efficacy of the participants. . | Labels and Event Processes in the Asbestos Operating System STEVE VANDEBOGART PETROS EFSTATHOPOULOS and EDDIE KOHLER University of California Los Angeles MAXWeLl KROHN CLIFF FREY DAVID ZIEGLER FRANS KAASHOEK and ROBERT MORRIS Massachusetts Institute of Technology and DAVID MAZIERES Stanford University 11 Asbestos a new operating system provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos s kernel-enforced labels including controls on interprocess communication and systemwide information flow. A new event process abstraction defines lightweight isolated contexts within a single process allowing one process to act on behalf of multiple users while preventing it from leaking any single user s data to others. A Web server demonstration application uses these primitives to isolate private user data. Since the untrusted workers that respond to client requests are constrained by labels exploited workers cannot directly expose user data except as allowed by application policy. The server application requires memory pages per user for up to 145 000 users and achieves connection rates similar to Apache demonstrating that additional security can come at an acceptable cost. Categories and Subject Descriptors Operating Systems Security and Protection Information flow controls Access controls Operating Systems Process Management Operating Systems Organization and Design Computer System Implementation Servers General Terms Security Design Performance Additional Key Words and Phrases Information flow labels mandatory access control process abstractions secure Web servers This work was supported by DARPA grants MDA972-03 and FA8750-04-1-0090 and by joint NSF Cybertrust DARPA grant CNS-0430425. E. Kohler D. Mazieres and R. Morris are supported by Sloan fellowships. E. Kohler is also supported by a Microsoft Research New Faculty .

• Tổ chức sự kiện
• hazardous effects
• nanomaterials derived
• protein aggregation
• reflect disparities
• individual resources
• privileged backgrounds
• thuật ngữ môi trường
• khoa học môi trường
• xử lý chất thải
• quản lý môi trường
• ô nhiễm môi trường
• necessarily exclude
• altruism and systems
• financial losses
• health impacts
• frequency fields
• Comprehensive assessment
• Genetic Resources
• Spices Genetic
• Vegetatively Propagated
• Solenostemon rotundifolius
• Dioscorea Species
• Equipment and Assays