A Decade of OS Access-control Extensibility

Open source security foundations for mobile and embedded devices

ROBERT N. M. WATSON, UNIVERSITY OF CAMBRIDGE COMPUTER LABORATORY

To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security; Type Enforcement in SELinux; anti-malware products; app sandboxing in Apple OS X, Apple iOS, and Google Android; and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization—the adaptation of operating-system security models to site-local or product-specific requirements.

A Decade of OS Access-control Extensibility

Related:

Building Systems to Be Shared, Securely

ACM CTO Roundtable on Mobile Devices in the Enterprise

Extensible Programming for the 21st Century

Leave a Reply