The Asbestos Operating System

Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos’s kernel-enforced label mechanism, including controls on inter-process communication and system-wide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user’s data to any other user. A Web server that uses Asbestos labels to isolate user data requires about one and a half memory pages per user, demonstrating that additional security can come at an acceptable cost.

Publications

  • Manageable Fine-Grained Information Flow [ pdf ]
    Petros Efstathopoulos and Eddie Kohler
    Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, (Eurosys 2008)
    Glasgow, April 2008, pages 301-314.
  • Labels and Event Processes in the Asbestos Operating System [ pdf ]
    Steve VanDeBogart, Petros Efstathopoulos, Eddie Kohler, Maxwell Krohn, Cliff Frey, David Ziegler, Frans Kaashoek, Robert Morris, and David Mazières
    ACM Transactions on Computer Systems (TOCS Vol. 25, No. 4)
  • Labels and Event Processes in the Asbestos Operating System
    Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek and Robert Morris
    Proceedings of the 20th Symposium on Operating Systems Principles (SOSP 2005)
    Brighton, United Kingdom, October 2005. [ ps, ps.gz, pdf ]
    Slides [ odp, ppt, pdf (requires a pdf viewer that supports transparent images) ]
  • Make Least Privilege a Right (Not a Privilege)
    Maxwell Krohn, Petros Efstathopoulos, Cliff Frey, Frans Kaashoek, Eddie Kohler, David Mazières, Robert Morris, Michelle Osborne, Steve VanDeBogart and David Ziegler
    Proceedings of the 10th Workshop on Hot Topics in Operating Systems (HotOS 2005)
    Santa Fe, NM, June 2005. [ ps, ps.gz, pdf ].

Getting It

You can download the current version of Asbestos by anonymous CVS. Use the command:

cvs -d :pserver:anonymous@asbestos.cs.ucla.edu:/cvs co jos

Various Topics

Some info on benchmarking OKWS on Asbestos.

People

Contact

Thanks

Asbestos development has been supported by DARPA grants MDA972-03-P-0015 and FA8750-04-1-0090, and by joint NSF CyberTrust/DARPA grant CNS-0430425.

 
asbestos.txt · Last modified: 2008/04/21 17:34
 