Date of this Version
In today's highly interconnected computing environments, users regularly use insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents, and might therefore compromise the integrity of the system. Current operating systems are unable to protect their users from these kinds of attacks, since the hostile software is running with the user's privileges and permissions. We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that might deal with incoming, possibly malicious objects behaves like an operating system. It views those objects the same way an operating system views users (it assigns sub-user IDs) and restricts their access to the system resources.
Keywords: secure systems, capabilities, process-specific protection
Ioannidis, Sotiris and Bellovin, Steven M., "Sub-Operating Systems: A New Approach to Application Security" (2001). Technical Reports (CIS). Paper 149.
Date Posted: 20 June 2007