web commit by NealWalfield: Create.

author: GNU Hurd wiki engine <web-hurd@gnu.org> 2007-08-19 16:35:58 +0000
committer: GNU Hurd wiki engine <web-hurd@gnu.org> 2007-08-19 16:35:58 +0000
commit: 27e788ef4e646bd1a0cce9e3346a8e9d4447430e (patch)
tree: 24ff6fdc169986ed9c0b83e6038a2a2c4a8b3862 /asbestos.mdwn
parent: 1613fd519bae27d0f9b97ff97f936bf58a29fd36 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/asbestos.mdwn b/asbestos.mdwn
new file mode 100644
index 00000000..366aa5d9
--- /dev/null
+++ b/asbestos.mdwn
@@ -0,0 +1,15 @@
+Asbestos is an operating system developed at MIT, Stanford
+and UCLA to explore information flow control policies.  The motivation
+behind Asbestos is that typical access control systems are concerned
+with the release of information, however, once that information is
+released, the [[principal]] that released that information has no way to
+control it.  The problem is that a program might want to make use of
+a service another program provides but not want to release the
+information to it.  To work around this, the OS provides the ability
+to taint data.  The taint is automatically applied to any derived
+information.  To propagate information outside of the machine, the
+releaser must first untaint the information.  This can only be done
+with the original principal's authorization.
+
+Asbestos is described in Efstathopoulos et al.'s 2005 paper [Labels and
+Event Processes in the Asbestos Operating System](http://pdos.csail.mit.edu/papers/asbestos-sosp05.pdf).
author	GNU Hurd wiki engine <web-hurd@gnu.org>	2007-08-19 16:35:58 +0000
committer	GNU Hurd wiki engine <web-hurd@gnu.org>	2007-08-19 16:35:58 +0000
commit	27e788ef4e646bd1a0cce9e3346a8e9d4447430e (patch)
tree	24ff6fdc169986ed9c0b83e6038a2a2c4a8b3862 /asbestos.mdwn
parent	1613fd519bae27d0f9b97ff97f936bf58a29fd36 (diff)