M. Seltzer, M. Miller, David Mazières, Yuanyuan Zhou
Despite all the work in OS to provide protection and improve security, cyber crime has grown into a major social issue. There seem to be no solutions to loss of data and theft of identity. Does the OS community bear a responsibility for this mess?

Mark Miller: In the 1970s, there were two main access control models: the identity-centric model of access-control lists and the authorization-centric model of capabilities. For various reasons the world went down the identity-centric path, resulting in the situation we are now in.

On the identity-centric path, why is security likely a hopeless quest? When we build systems, we compose software written by different people. These composed components may cooperate as we intend, or they may destructively interfere. We have gotten very good at avoiding accidental interference by using abstraction mechanisms and designing good abstraction boundaries. By composition, we have delivered astonishing functionality to the world.

Today, when we secure systems, we assign authority to identities. When I run a program, it runs as me. The square root function in my math library can delete my files. Although it does not abuse this excess authority, if it has a flaw enabling an attacker to subvert it, then anything it may do, the attacker can do. It is this excess authority that invites most of the attacks we see in the world today.

By contrast, when we secure systems with capabilities, we work with the grain of how we organize software for functionality. At every level of composition, from programming language to operating systems to distributed services, we design abstraction boundaries so that a component's interface only requires arguments that are somehow relevant to its task. If such argument passing were the only source of authority, we would have already taken a huge step towards least authority. If most programs only ran with the least authority they need to do their jobs, most abuses would be minor.

I do not imagine a world with fewer exploitable bugs. I imagine a world in which much less is at risk to most bugs.
Title: Is achieving security a hopeless quest? Authors: M. Seltzer, M. Miller, David Mazières, Yuanyuan Zhou. Venue: SOSP History Day 2015. Published: 2015-10-04. DOI: https://doi.org/10.1145/2830903.2830914
The story of virtualization and the important role it has played in Operating Systems over the past 50 years. The systems and papers mentioned in the text are the author's choice of exemplars for the concepts being discussed; they are not an exhaustive list of all related research and products, nor a statement about precedence over other systems.
Title: Virtualization. Authors: A. Herbert. Venue: SOSP History Day 2015. Published: 2015-10-04. DOI: https://doi.org/10.1145/2830903.2830909
Barbara Liskov examines the evolution of abstractions, such as processes and software layers, to organize complex systems. Some abstractions are separate service processes invoked by RPC, others are overlaid on a user's process by monitors. Many have found their way into system programming languages. Communication is a major issue.
Title: Perspectives on system languages and abstraction. Authors: B. Liskov. Venue: SOSP History Day 2015. Published: 2015-10-04. DOI: https://doi.org/10.1145/2830903.2830906
Title: SOSP History Day 2015. DOI: https://doi.org/10.1145/2830903