path: root/asbestos.mdwn
diff options
authorGNU Hurd wiki engine <>2007-08-19 16:35:58 +0000
committerGNU Hurd wiki engine <>2007-08-19 16:35:58 +0000
commit27e788ef4e646bd1a0cce9e3346a8e9d4447430e (patch)
tree24ff6fdc169986ed9c0b83e6038a2a2c4a8b3862 /asbestos.mdwn
parent1613fd519bae27d0f9b97ff97f936bf58a29fd36 (diff)
web commit by NealWalfield: Create.
Diffstat (limited to 'asbestos.mdwn')
1 files changed, 15 insertions, 0 deletions
diff --git a/asbestos.mdwn b/asbestos.mdwn
new file mode 100644
index 00000000..366aa5d9
--- /dev/null
+++ b/asbestos.mdwn
@@ -0,0 +1,15 @@
+Asbestos is an operating system developed at MIT, Stanford
+and UCLA to explore information flow control policies. The motivation
+behind Asbestos is that typical access control systems are concerned
+with the release of information, however, once that information is
+released, the [[principal]] that released that information has no way to
+control it. The problem is that a program might want to make use of
+a service another program provides but not want to release the
+information to it. To work around this, the OS provides the ability
+to taint data. The taint is automatically applied to any derived
+information. To propagate information outside of the machine, the
+releaser must first untaint the information. This can only be done
+with the original principal's authorization.
+Asbestos is described in Efstathopoulos et al.'s 2005 paper [Labels and
+Event Processes in the Asbestos Operating System](