Some other Perspectives on Security Architectures
Other use of “Capability Based”
Other Security Nexi
Deployed Security Technologies
- Recent MIT work:
Security for Distributed Computer Systems?
- User-Driven Access Control:
Rethinking Permission Granting in Modern Operating Systems
- A classic survey paper by Saltzer & Schroeder
- Early Computer Security Papers.
- The world of Security and Java:
- Microsoft’s security page
- Microsoft’s Zones
- Microsoft’s sandboxes—1,
- Isolating web programs in modern browser architectures
- Slashdot query on Windows and replies
- Bill Joy’s informative comments on Microsoft Security
- Microsoft’s NGSCB née “Palladium”.
- Li Gong’s notes on Capability Systems.
- Netscape’s Security page for users and for developers; their Signing Architecture and SSL
- The venerable Orange Book describes evaluation criteria for military grade security.
It has many kindred volumes.
- The Common Criteria are a recent effort towards standardization of IT security.
- Wulf’s Legions
- Security on the RS/6000 SP System
- My attempt to understand Unix security
- A more substantial effort
- Plan for Linux Posix Security
- Security Enhanced Linux from NSA
- MK++(?), a Mach-like kernel
- Memco, a product to harden Unix.
- Systrace, just what is that program trying to do?
- IETF network security recommendations
- Tempest nexus;
Destructive Electromagnetic Waves
- NIST: Many early security papers and Other Security Publications.
- Intel’s trusted computer
- The Trusted Computing Platform Alliance, steps towards tamper resistance?
- Liberty Alliance
- An interesting military research effort on portable code.
- Olin Sibert notes that programs that crash on invalid input are likely to be vulnerable to obeying hostile code.
Here he reviews the sorry state of conventional computer security.
- CERT’s Firewall Theory;
Linux Firewall Lore
- A Security Kernel Based on the Lambda-Calculus; Rees (Trusty Scheme?)
- SASL: Simple Authentication and Security Layer
- Proof Carrying Code
- Carl Ellison’s perspective on PKI, and his Establishing Identity Without Certification Authorities
- The Gray Hats (Domain (at least) evidently bought by Symantec)
- Security in OS vs Language
- Stack Inspection: Theory and Variants by Cédric Fournet and Andrew Gordon, describes stack inspection clearly
and considers some of its ramifications.
- Ross Anderson’s work
- Stuart Schechter
- Pure Software
- Chrome Endowments for Browser extensions.
- Kill Switches and such
- Other tradeoffs for persistence
I think I don’t like, but I have not understood.
- Google’s Belay
- The Open Web Application Security Project