Technical Reports (CIS)

Document Type

Technical Report

Date of this Version

January 2001

University of Pennsylvania Department of Computer and Information Science Technical Report No. MS-CIS-01-06.

Abstract

In today's highly interconnected computing environments, users routinely run insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents and can therefore compromise the integrity of the system. Current operating systems cannot protect their users from these kinds of attacks, because the hostile software runs with the user's own privileges and permissions. We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that may handle incoming, possibly malicious objects behaves like an operating system: it views those objects the same way an operating system views users, assigning them sub-user ids, and restricts their access to system resources.

Keywords

secure systems, capabilities, process-specific protection

Date Posted: 20 June 2007