{"title":"Language-based capabilities","authors":"Stephen Chong","doi":"10.1145/2687148.2687149","DOIUrl":null,"url":null,"abstract":"The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components.\n In this talk, I present Shill, a secure shell scripting language. Shill scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. Shill contracts are declarative security policies that act as documentation for consumers of Shill scripts, and are enforced through a combination of language design and sandboxing.\n We have implemented a prototype of Shill for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that Shill is a practical and useful system security tool, and can provide fine-grained security guarantees.","PeriodicalId":433332,"journal":{"name":"PSP '14","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PSP '14","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2687148.2687149","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components.
In this talk, I present Shill, a secure shell scripting language. Shill scripts enable compositional reasoning about security through contracts that limit the effects of script execution, including the effects of programs invoked by the script. Shill contracts are declarative security policies that act as documentation for consumers of Shill scripts, and are enforced through a combination of language design and sandboxing.
We have implemented a prototype of Shill for FreeBSD and used it for several case studies including a grading script and a script to download, compile, and install software. Our experience indicates that Shill is a practical and useful system security tool, and can provide fine-grained security guarantees.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
