Authorizing Applications in Singularity

Ted Wobber, Aydan Yumerefendi, Martín Abadi, Andrew Birrell, and Daniel R. Simon

Abstract

We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation of our design and its performance in the context of this operating system.

Details

Publication type: Inproceedings
Published in: Proceedings of the 2007 Eurosys Conference
Address: Lisbon, Portugal
Publisher: Association for Computing Machinery, Inc.