- 1
- M. D. Abrams.
Renewed Understanding of Access Control Policies.
In Proceedings of the 16th National Computer Security
Conference, pages 87-96, Oct. 1993.
- 2
- M. D. Abrams, L. J. LaPadula, K. W. Eggers, and
I. M. Olson.
A Generalized Framework for Access Control: An Informal
Description.
In Proceedings of the 13th National Computer Security
Conference, pages 135-143, Oct. 1990.
- 3
- D. E. Bell and L. J. La Padula.
Secure Computer Systems: Mathematical Foundations and Model.
Technical Report M74-244, The MITRE Corporation, Bedford, MA, May
1973.
- 4
- T. C. V. Benzel, E. J. Sebes, and
H. Tajalli.
Identification of Subjects and Objects in a Trusted Extensible
Client Server Architecture.
In Proceedings of the 18th National Information Systems
Security Conference, pages 83-99, 1995.
- 5
- B. N. Bershad, S. Savage, P. Pardyak, E. G.
Sirer, M. E. Fiuczynski, D. Becker, C. Chambers, and
S. Eggers.
Extensibility, Safety, and Performance in the SPIN Operating
System.
In Proc. of the 15th ACM Symp. on Operating Systems
Principles, pages 267-284, Copper Mountain, CO, Dec.
1995.
- 6
- W. E. Boebert and R. Y. Kain.
A Practical Alternative to Hierarchical Integrity Policies.
In Proceedings of the Eighth National Computer Security
Conference, 1985.
- 7
- M. I. Bushnell.
Towards a New Strategy of OS Design.
GNU's Bulletin, 1(16), Jan. 1994.
- 8
- M. Carney and B. Loe.
A Comparison of Methods for Implementing Adaptive Security
Policies.
In Proceedings of the Seventh USENIX Security Symposium,
pages 1-14, Jan. 1998.
- 9
- A. Chitturi.
Implementing Mandatory Network Security in a Policy-flexible
System.
Master's thesis, University of Utah, 1998.
pp. 70.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.shtml.
- 10
- D. F. Ferraiolo, J. A. Cugini, and D. R.
Kuhn.
Role-Based Access Control (RBAC): Features and Motivations.
In Proceedings of the Eleventh Annual Computer Security
Applications Conference, Dec. 1995.
- 11
- T. Fine and S. E. Minear.
Assuring Distributed Trusted Mach.
In Proceedings IEEE Computer Society Symposium on Research in
Security and Privacy, pages 206-218, May 1993.
- 12
- B. Ford, G. Back, G. Benson, J. Lepreau,
A. Lin, and O. Shivers.
The Flux OSKit: A Substrate for OS and Language Research.
In Proc. of the 16th ACM Symp. on Operating Systems
Principles, pages 38-51, St. Malo, France, Oct. 1997.
- 13
- B. Ford, M. Hibler, J. Lepreau, R. McGrath,
and P. Tullmann.
Interface and Execution Models in the Fluke Kernel.
In Proceedings of the 3rd USENIX Symposium on Operating Systems
Design and Implementation, pages 101-116, Feb. 1999.
- 14
- B. Ford, M. Hibler, J. Lepreau,
P. Tullmann, G. Back, and S. Clawson.
Microkernels Meet Recursive Virtual Machines.
In Proceedings of the Symposium on Operating Systems Design and
Implementations, pages 137-151, Oct. 1996.
- 15
- T. Fraser and L. Badger.
Ensuring Continuity During Dynamic Security Policy Reconfiguration
in DTE.
In Proceedings of the 1998 IEEE Symposium on Security and
Privacy, pages 15-26, May 1998.
- 16
- M. Gasser.
Building a Secure Computer Systems.
Van Nostrand Reinhold Company, 1988.
- 17
- I. Goldberg, D. Wagner, R. Thomas, and
E. A. Brewer.
A Secure Environment for Untrusted Helper Applications.
In Proceedings of the 6th Usenix Security Symposium, July
1996.
- 18
- L. Gong.
A Secure Identity-Based Capability System.
In Proceedings of the 1989 IEEE Symposium on Security and
Privacy, pages 56-63, May 1989.
- 19
- R. Graubart.
On the Need for a Third Form of Access Control.
In Proceedings of the 12th National Computer Security
Conference, pages 296-304, Oct. 1989.
- 20
- R. Grimm and B. N. Bershad.
Providing Policy-Neutral and Transparent Access Control in
Extensible Systems.
In J. Vitek and C. Jensen, editors, Secure Internet
Programming: Security Issues for Distributed and Mobile
Objects, volume 1603 of Lecture Notes in Computer
Science. Springer-Verlag, June 1999.
- 21
- N. Hardy.
The Confused Deputy.
Operating Systems Review, 22(4):36-38, Oct. 1988.
- 22
- T. Jaeger, J. Liedtke, and N. Islam.
Operating System Protection for Fine-Grained Programs.
In Proceedings of the Seventh USENIX Security Symposium,
pages 143-157, Jan. 1998.
- 23
- R. Kain and C. Landwehr.
On Access Checking in Capability-Based Systems.
In Proceedings of the 1986 IEEE Symposium on Security and
Privacy, pages 66-77, May 1986.
- 24
- P. A. Karger.
New Methods for Immediate Revocation.
In Proceedings of the 1989 IEEE Symposium on Security and
Privacy, pages 48-55, May 1989.
- 25
- P. A. Karger and A. J. Herbert.
An Augmented Capability Architecture to Support Lattice Security
and Traceability of Access.
In Proceedings of the 1984 IEEE Symposium on Security and
Privacy, pages 2-12, May 1984.
- 26
- S. Kent and R. Atkinson.
Security Architecture for the Internet Protocol.
RFC 2401, Internet Engineering Task Force, Nov. 1998.
ftp://ftp.isi.edu/in-notes/rfc2401.txt.
- 27
- S. R. Kleiman.
Vnodes: An Architecture for Multiple File System Types in Sun
UNIX.
In Proc. of the Summer 1986 USENIX Conf., pages 238-247,
Atlanta, GA, June 1986.
- 28
- C. R. Landau.
Security in a Secure Capability-Based System.
Operating Systems Review, pages 2-4, Oct. 1989.
- 29
- R. Levin, E. Cohen, W. Corwin, P. F., and
W. Wulf.
Policy/mechanism separation in Hydra.
In Proceedings of the Fifth Symposium on Operating Systems
Principles, pages 132-140, Unversity of Texas at Austin, Nov.
1975. ACM/SIGOPS.
- 30
- J. Liedtke.
Clans and Chiefs.
In Architektur von Rechensystemen. Springer-Verlag, Mar.
1992.
- 31
- K. Loepere.
Mach 3 Kernel Interfaces.
Open Software Foundation and Carnegie Mellon University, Nov.
1992.
- 32
- P. A. Loscocco, S. D. Smalley, P. A.
Muckelbauer, R. C. Taylor, S. J. Turner, and J. F.
Farrell.
The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments.
In Proceedings of the 21st National Information Systems
Security Conference, pages 303-314, Oct. 1998.
http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf.
- 33
- D. Maughan, M. Schertler, M. Schneider, and
J. Turner.
Internet Security Association and Key Management Protocol
(ISAKMP).
RFC 2408, Internet Engineering Task Force, Nov. 1998.
ftp://ftp.isi.edu/in-notes/rfc2408.txt.
- 34
- C. J. McCollum, J. R. Messing, and
L. Notargiacomo.
Beyond the pale of MAC and DAC - defining new forms of access
control.
In Proceedings of the 1990 IEEE Symposium on Security and
Privacy, pages 190-200, May 1990.
- 35
- S. E. Minear.
Providing Policy Control Over Object Operations in a Mach Based
System.
In Proceedings of the Fifth USENIX UNIX Security
Symposium, pages 141-156, June 1995.
- 36
- J. G. Mitchell, J. J. Gibbons, G. Hamilton,
P. B. Kessler, Y. A. Khalidi, P. Kougiouris,
P. W. Madany, M. N. Nelson, M. L. Powell, and
S. R. Radia.
An Overview of the Spring System.
In A Spring Collection. Sun Microsystems, Inc., 1994.
- 37
- T. Mitchem, R. Lu, and R. O'Brien.
Using Kernel Hypervisors to Secure Applications.
In Proceedings of the Annual Computer Security Applications
Conference, Dec. 1997.
- 38
- D. Olawsky, T. Fine, E. Schneider, and
R. Spencer.
Developing and Using a ``Policy Neutral'' Access Control
Policy.
In Proceedings of the New Security Paradigms Workshop.
ACM, Sept. 1996.
- 39
- E. I. Organick.
The Multics System : An Examination of its
Structure.
MIT Press, 1972.
- 40
- S. A. Rajunas, N. Hardy, A. C. Bomberger,
W. S. Frantz, and C. R. Landau.
Security in KeyKOS.
In Proceedings of the 1986 IEEE Symposium on Security and
Privacy, pages 78-85, Apr. 1986.
- 41
- S. G. Ravi Sandhu, Venkata Bhamidipati and
C. Youman.
The ARBAC97 Model for Role-Based Administration of Roles:
Preliminary Description and Outline.
In Proceedings of the Second ACM Workshop on Role-Based Access
Control, pages 41-50, Nov. 1997.
- 42
- D. Redell and R. Fabry.
Selective Revocation of Capabilities.
In Proceedings of the International Workshop on Protection in
Operating Systems, pages 192-209, Aug. 1974.
- 43
- Secure Computing Corp.
DTOS Generalized Security Policy Specification.
DTOS CDRL A019, 2675 Long Lake Rd, Roseville, MN 55113, June
1997.
http://www.securecomputing.com/randt/HTML/dtos.shtml.
- 44
- Secure Computing Corp.
Assurance in the Fluke Microkernel: Formal Security Policy
Model.
CDRL A003, 2675 Long Lake Rd, Roseville, MN 55113, Feb. 1999.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.shtml.
- 45
- Secure Computing Corp.
Assurance in the Fluke Microkernel: Formal Top-Level
Specification.
CDRL A004, 2675 Long Lake Rd, Roseville, MN 55113, Feb. 1999.
http://www.cs.utah.edu/projects/flux/fluke/html/flask.shtml.
- 46
- M. I. Seltzer, Y. Endo, C. Small, and K. A.
Smith.
Dealing With Disaster: Surviving Misbehaved Kernel
Extensions.
In Proc. of the Second Symp. on Operating Systems Design and
Implementation, pages 213-227, Seattle, WA, Oct. 1996. USENIX
Assoc.
- 47
- J. S. Shapiro.
EROS: A Capability System.
Technical Report Technical Report MS-CIS-97-04, University of
Pennsylvania, Department of Computer and Information Science,
1997.
- 48
- D. F. Sterne, M. Branstad, B. Hubbard, and
B. M. D. Wolcott.
An Analysis of Application Specific Security Policies.
In Proceedings of the 14th National Computer Security
Conference, pages 25-36, Oct. 1991.
- 49
- SunSoft, Inc.
Spring Programmer's Guide, 1995.
On-line documentation included in the Spring Research Distribution
1.0.
- 50
- D. S. Wallach, D. Balfanz, D. Dean, and
E. W. Felten.
Extensible Security Architectures for Java.
In Proc. of the 16th ACM Symp. on Operating Systems
Principles, pages 116-128, Oct. 1997.
- 51
- R. M. Wong.
A Comparison of Secure Unix Operating Systems.
In Proceedings of the Sixth Annual Computer Security
Applications Conference, pages 322-333, Dec. 1990.
- 52
- W. Wulf, R. Levin, and P. Harbison.
Hydra/C.mmp: An Experimental Computer System.
McGraw-Hill, 1981.
- 53
- M. E. Zurko and R. Simon.
User-Centered Security.
In Proceedings of the New Security Paradigms Workshop,
Sept. 1996.