
QuoteRef: kampPH7_2004
Topic:
distributed system security
Group:
coordination system
Group:
security
Topic:
namespace
Topic:
security by audit trail
Topic:
file input/output
Topic:
security by capabilities
Topic:
hierarchical naming
Topic:
limitations of hierarchical structures
Topic:
configuration management
Topic:
preventing accidental errors
Group:
object-oriented programming
Topic:
restricted use of global variables
Topic:
software components

Reference

Kamp, P.-H., Watson, R., "Building systems to be shared securely", ACM Queue, July/August 2004, pp. 42-51.

Quotations
44 ;;Quote: shared systems serving simultaneous functions with differing security properties; makes computers meeting places
44 ;;Quote: types of shared systems -- control-free, Unix processes, Unix access control, full virtual machine models, execution environments, and trusted operating systems
46 ;;Quote: a trusted operating system uses a global policy and security labels on processes and objects; labels hold classification data, type, and policy rules
47 ;;Quote: the jail model substitutes namespace limits for security labels; semi-permeable partitioning of files, processes, and network; no super-user privileges; simple and efficient
47 ;;Quote: an attacker's activities are constrained by the jail and fully visible to the administrator; the jail administrator can inspect anything in the jail
47 ;;Quote: system sharing by capabilities checks upon first access, providing a reference to an object for future access; e.g., a Unix file descriptor
48 ;;Quote: namespace limits prevent access to objects that cannot be named; simple implementation and user-comprehensible behavior
48 ;;Quote: a hierarchical namespace provides containers for protecting objects; mandatory and discretionary protection by endowing subdirectories with trust; better than flat namespace
50 ;;Quote: prefer policy over tunable settings for security and resource allocation; express in terms of goals; allows audit, avoids user error
50 ;;Quote: a shared system must be easy to monitor; policy implications must be clear and testable
50 ;;Quote: prefer object-orientation implementation for shared systems; encapsulates state in a class; avoids globals
50 ;;Quote: prefer component-oriented designs for shared systems; increased flexibility, can easily disable a subsystem
50 ;;Quote: hierarchical and protected namespaces permit trust to be assigned with low cost separation between namespace subsets
50 ;;Quote: provide primitives for easily expressing security policy in broad terms

Related Topics

Topic: distributed system security (17 items)
Group: coordination system   (8 topics, 217 quotes)
Group: security   (23 topics, 874 quotes)
Topic: namespace (19 items)
Topic: security by audit trail (18 items)
Topic: file input/output (21 items)
Topic: security by capabilities (65 items)
Topic: hierarchical naming (28 items)
Topic: limitations of hierarchical structures (10 items)
Topic: configuration management (25 items)
Topic: preventing accidental errors (37 items)
Group: object-oriented programming   (26 topics, 822 quotes)
Topic: restricted use of global variables (22 items)
Topic: software components (11 items)

Collected barberCB 11/06
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.