Tech Report CS-08-02

Operating System Protection Domains

Eric Tamura, Joel Weinberger and Aaron Myers

April 2008


Access control plays an increasingly important role in modern systems, especially with the growing use of the Internet: users run more and more untrusted code on their computers every day. However, there is very little infrastructure in place to address this. In this paper we present an operating system level mechanism for running untrusted code in a trusted environment. The mechanism is a modification of a standard Linux distribution that provides an interface for instantiating a "guardian" process, which makes access control decisions about an untrusted process's requests to access resources. This yields a flexible security mechanism that can be made arbitrarily complex or simple, supporting either user interaction or automatic access control decisions. The "guardian" mechanism provides a new abstraction for handling access control of operating system resources such as files and sockets.

(complete text in pdf)