
POSTPONED: A Decade of OS Access-Control Extensibility


If you have a question about this talk, please contact Laurent Simon.

This talk has been canceled/deleted

Abstract: To discuss operating-system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security, Type Enforcement in SELinux, anti-malware products, app sandboxing in Apple OS X, Apple iOS, and Google Android, and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to “security localisation”—the adaptation of operating-system security models to site-local or product-specific requirements.

This transition was motivated by three changes: the advent of ubiquitous Internet connectivity; a migration from dedicated embedded operating systems to general-purpose ones in search of more sophisticated software stacks; and widespread movement from multiuser computing toward single-user devices with complex application models. The transition was facilitated by extensible access-control frameworks, which allow operating-system kernels to be more easily adapted to new security requirements.

One such extensible kernel reference-monitor framework is the TrustedBSD MAC (Mandatory Access Control) Framework, developed beginning in 2000 and shipped in the open source FreeBSD operating system in 2003. This talk first discusses the context and challenges for access-control extensibility and high-level framework design, then turns to practical experience deploying security policies in several framework-based products, including FreeBSD, nCircle appliances, Juniper’s Junos, and Apple’s OS X and iOS. While extensibility was key to each of these projects, they motivated considerable changes to the framework itself, so the talk also explores how the framework did (and did not) meet each product’s requirements, and finally reflects on the continuing evolution of operating-system security.
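The extensible reference-monitor pattern the abstract describes, shown here as an added illustration that is not code from the talk or from FreeBSD's MAC Framework: a user-space model in which policy modules register a table of entry points and the framework composes their decisions at the kernel's check points. The struct names, the three toy policies, the single-integer integrity label and the "first denial wins" composition rule are assumptions of this model, not the framework's actual interfaces (FreeBSD, for instance, ranks errno values when several policies deny).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Subject and object carry a Unix identity plus a policy-specific label
   (an integer integrity level here; an assumption of this model). */
struct cred  { unsigned uid; int integrity; };
struct vnode { const char *path; unsigned uid; int integrity; };

enum { ACC_READ = 1, ACC_WRITE = 2 };

/* A policy module's entry-point table: one function per kernel event.
   0 allows, an errno value denies, NULL means "no opinion". */
struct mac_policy_ops {
    const char *name;
    int (*check_vnode_open)(const struct cred *cr, const struct vnode *vp,
                            int accmode);
};

#define MAX_POLICIES 8
static const struct mac_policy_ops *policies[MAX_POLICIES];
static int npolicies;

/* Loading a policy means registering its entry points with the framework. */
int mac_policy_register(const struct mac_policy_ops *ops)
{
    if (npolicies >= MAX_POLICIES)
        return ENOMEM;
    policies[npolicies++] = ops;
    return 0;
}

void mac_policy_unregister_all(void) { npolicies = 0; }

/* The framework hook at the point where the kernel would open a file: every
   loaded policy is consulted in registration order and any denial wins
   (simplified: the first denial's errno is returned). */
int mac_vnode_check_open(const struct cred *cr, const struct vnode *vp,
                         int accmode)
{
    int error = 0;
    for (int i = 0; i < npolicies; i++) {
        if (policies[i]->check_vnode_open == NULL)
            continue;
        int ret = policies[i]->check_vnode_open(cr, vp, accmode);
        if (ret != 0 && error == 0)
            error = ret;
    }
    return error;
}

/* Policy 1 (toy DAC): anyone may read; only the owner or root may write. */
static int dac_check_open(const struct cred *cr, const struct vnode *vp,
                          int accmode)
{
    if ((accmode & ACC_WRITE) && cr->uid != 0 && cr->uid != vp->uid)
        return EACCES;
    return 0;
}
static const struct mac_policy_ops dac_ops = { "toy_dac", dac_check_open };

/* Policy 2 (site-local rule): non-root never writes under /etc/, even to
   files it owns. Loaded as a module, it tightens the base policy without
   modifying it. */
static int site_check_open(const struct cred *cr, const struct vnode *vp,
                           int accmode)
{
    if ((accmode & ACC_WRITE) && cr->uid != 0 &&
        strncmp(vp->path, "/etc/", 5) == 0)
        return EPERM;
    return 0;
}
static const struct mac_policy_ops site_ops = { "site_etc", site_check_open };

/* Policy 3 (Biba-style integrity): no write up, no read down. Applies to
   root too, which DAC alone would wave through. */
static int biba_check_open(const struct cred *cr, const struct vnode *vp,
                           int accmode)
{
    if ((accmode & ACC_WRITE) && cr->integrity < vp->integrity)
        return EPERM;
    if ((accmode & ACC_READ) && vp->integrity < cr->integrity)
        return EPERM;
    return 0;
}
static const struct mac_policy_ops biba_ops = { "toy_biba", biba_check_open };

int main(void)
{
    struct cred  user    = { 1000, 2 };
    struct cred  root_lo = { 0, 1 };   /* root process marked low integrity */
    struct vnode motd    = { "/etc/motd", 1000, 2 };   /* constructed sample */
    struct vnode passwd  = { "/etc/passwd", 0, 2 };    /* constructed sample */

    mac_policy_register(&dac_ops);
    printf("user writes own /etc/motd, DAC only:   %d\n",
           mac_vnode_check_open(&user, &motd, ACC_WRITE));
    mac_policy_register(&site_ops);
    printf("user writes own /etc/motd, +site rule: %d\n",
           mac_vnode_check_open(&user, &motd, ACC_WRITE));
    mac_policy_register(&biba_ops);
    printf("low-integrity root writes /etc/passwd: %d\n",
           mac_vnode_check_open(&root_lo, &passwd, ACC_WRITE));
    return 0;
}
```

The point of the model is the shape of the composition: the base system's checks stay untouched, each product or site ships its own module, and the kernel's single hook consults all of them. The security-relevant caveat is that a newly loaded policy can only restrict, never grant, which is what keeps one misbehaving module from widening the others' decisions.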

Bio: Dr Robert N. M. Watson is a Lecturer in the Security Research Group at the University of Cambridge Computer Laboratory. He leads a cross-layer research team spanning computer architecture, compilers, program analysis, operating systems, networking, and security; his recent contributions include work in hybrid capability systems and extensible access control. Prior to his PhD at the Computer Laboratory, Dr Watson was a Senior Research Scientist at McAfee Research, where he developed the kernel access control framework now used in many open-source and commercial products including FreeBSD, iOS, McAfee Sidewinder, Mac OS X, and Junos. He is a member of the board of directors of the FreeBSD Foundation, and has been an active contributor to the open-source FreeBSD operating system in the areas of security, networking, and release engineering since the late 1990s.

This talk is part of the Computer Laboratory Security Seminar series.



© 2006-2018, University of Cambridge.