3/26 Secure application architecture

Reading

Operating systems should provide flexible abstractions that make application development easier—including secure application development. Today we’ll read a paper about the hoops that the OKCupid developers jumped through to build a more secure server architecture on conventional Unix, and a paper that aimed to create new, more powerful abstractions for building similar systems.

  1. “Building Secure High-Performance Web Services with OKWS”, Maxwell Krohn (USENIX ATC 2004)

  2. “Labels and event processes in the Asbestos operating system”, Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek, Robert Morris (ACM SOSP 2005)

If you’re interested in this topic, check out this paper for a more modern version of the same idea, applied inside the browser rather than the server: “Site isolation: Process separation for web sites within the browser”, Charles Reis, Alexander Moshchuk, Nasko Oskov (USENIX Security 2019).

Reading questions

  1. These papers don’t mention virtual machines or virtualization. Do virtual machines address the security issues OKWS and Asbestos consider, or not?

  2. Asbestos rethinks basic operating systems primitives centering on security. Could any of those primitives be mapped onto more conventional primitives, like file descriptors?