2006 | OriginalPaper | Buchkapitel
Information Leakage and Capability Forgery in a Capability-Based Operating System Kernel
verfasst von : Dan Mossop, Ronald Pose
Erschienen in: On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
The Password-Capability System has been designed as an operating system kernel suitable for general-purpose computing in a hostile environment. It has an access control mechanism based on password-capabilities, on top of which a confinement mechanism and a type management mechanism are layered. This paper studies the security of these mechanisms. We find that the mechanisms leak information which can be utilised by an attacker. Furthermore, we find that conditions placed on the generation of password-capabilities by the mechanisms enable the attacker to forge password-capabilities more efficiently than by exhaustive search. We show that all the discovered attacks can be prevented. This paves the way for the use of the mechanisms in a highly secure third-generation of the Password-Capability System.