Date of this Version
We propose a new protection mechanism to address active content, which applies fine-grained access controls at the level of individual data objects. All data objects arriving from remote sources are tagged with a non-removable identifier. This identifier dictates its permissions and privileges rather than the file owner’s user ID. Since users possess many objects, the system provides far more precise access control policies to be enforced, and at a far finer granularity than previous designs.
Sotiris Ioannidis, Steven M. Bellovin, and Jonathan M. Smith, "Sub-Operating Systems: A New Approach to Application Security", . September 2002.
Date Posted: 11 September 2005