COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > POSTPONED: A Decade of OS Access-Control Extensibility
POSTPONED: A Decade of OS Access-Control ExtensibilityAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Laurent Simon. This talk has been canceled/deleted Abstract: To discuss operating-system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security, Type Enforcement in SELinux, anti-malware products, app sandboxing in Apple OS X , Apple iOS, and Google Android, and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to “security localisation”—the adaptation of operating-system security models to site-local or product-specific requirements. This transition was motivated by three changes: the advent of ubiquitous Internet connectivity; a migration from dedicated embedded operating systems to general-purpose ones in search of more sophisticated software stacks; and widespread movement from multiuser computing toward single-user devices with complex application models. The transition was facilitated by extensible access-control frameworks, which allow operating-system kernels to be more easily adapted to new security requirements. One such extensible kernel reference-monitor framework is the TrustedBSD MAC (Mandatory Access Control) Framework, developed beginning in 2000 and shipped in the open source FreeBSD operating system in 2003. This talk first discusses the context and challenges for access-control extensibility and high-level framework design, then turns to practical experience deploying security policies in several framework-based products, including FreeBSD, nCircle appliances, Juniper’s Junos, and Apple’s OS X and iOS. While extensibility was key to each of these projects, they motivated considerable changes to the framework itself, so the talk also explores how the framework did (and did not) meet each product’s requirements, and finally reflects on the continuing evolution of operating-system security. Bio: Dr Robert N. M. Watson is a Lecturer in the Security Research Group at the University of Cambridge Computer Laboratory. He leads a cross-layer research team spanning computer architecture, compilers, program analysis, operating systems, networking, and security; his recent contributions include work in hybrid capability systems and extensible access control. Prior to his PhD at the Computer Laboratory, Dr Watson was a Senior Research Scientist at McAfee Research, where he developed the kernel access control framework now used in many open-source and commercial products including FreeBSD, iOS, McAfee Sidewinder, Mac OS X , and Junos. He is a member of the board of directors of the FreeBSD Foundation, and has been an active contributor to the open-source FreeBSD operating system in the areas of security, networking, and release engineering since the late 1990s. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:This talk is not included in any other list Note that ex-directory lists are not shown. |
Other listsType the title of a new list here Invitation Meeting the Challenge of Healthy Ageing in the 21st Century Philosophical Approaches to Education seminar series CfEL's Enterprise Tuesday 2011/2012 Basic Statistics Reading GroupOther talksMicrotubule Modulation of Myocyte Mechanics Reframing African Studies through Languages and Translation: Overcoming Barricades to Knowledge and Knowledge Management Private Statistics and Their Applications to Distributed Learning: Tools and Challenges Transcriptional control of pluripotent stem cell fate by the Nucleosome Remodelling and Deacetylation (NuRD) complex Cooperation, Construction, Coercion, Consent: Understanding the Role of Reimagined Urban Space within Nazi Germany and Fascist Italy 'Cambridge University, Past and Present' Single Cell Seminars (August) Katie Field - Symbiotic options for the conquest of land Single Cell Seminars (October) Stokes-Smoluchowski-Einstein-Langevin theory for active colloidal suspensions |