Escort: A Path-Based OS Security Architecture
نویسندگان
چکیده
Escort is the security architecture for Scout, a configurable operating system designed for network appliances. Scout is unique in that it is designed around paths—a communication-centric abstraction that encapsulates information flows through the system—rather than the more traditional processes and servers. Scout uses paths to make end-to-end resource allocation decisions. Escort extends this idea to isolate these information flows, as well as to provide end-to-end accountability. This paper introduces the Escort security architecture, shows how it can be used to enforce common security policies, and evaluates its design according to several well-established criteria.
منابع مشابه
Escort: Securing Scout Paths
Scout is a communication-orientedoperating system that can be specialized for different information appliances. It uses paths as an explicit jirst class object to describe the flow of information through the system. Escort is the security architecture for Scout. It uses the explicit knowledge provided by a path abstraction to secure informationJlow in aJEexible manner
متن کاملSemi-User-Level Communication Architecture
This paper introduces semi-user-level communication architecture, a new high-performance light-weighted communication architecture for inter-node communication of clusters. Different from traditional kernel-level networking architecture and user-level communication architecture, semi-user-level communication architecture removes OS kernel from its message-receiving path while reserves an OS tra...
متن کاملAirport Security Versus Patient Security: The “Sickurity” Problem
The massive restrain security measurements at the airports very much impress the health status of the healthy and sick passengers alike. The security check is undisputedly a harassment – the confiscation of fluids, the limited movement on the airplane results in a stressful situation and put a harmful effect on healthy traveler and an even more harmful one on the sick. This kind of problem coul...
متن کاملA simple probabilistic construction yielding generalized entropies and divergences, escort distributions and q-Gaussians
We give a simple probabilistic description of a transition between two states which leads to a generalized escort distribution. When the parameter of the distribution varies, it de nes a parametric curve that we call an escort-path. The Rényi divergence appears as a natural by-product of the setting. We study the dynamics of the Fisher information on this path, and show in particular that the t...
متن کاملTransparent Protection of Commodity OS Kernels Using Hardware Virtualization
Kernel rootkits are among the most insidious threats to computer security today. By employing various code injection techniques, they are able to maintain an omnipotent presence in the compromised OS kernels. Existing preventive countermeasures typically employ virtualization technology as part of their solutions. However, they are still limited in either (1) requiring modifying the OS kernel s...
متن کامل