|author||GNU Hurd wiki engine <firstname.lastname@example.org>||2007-08-19 16:35:58 +0000|
|committer||GNU Hurd wiki engine <email@example.com>||2007-08-19 16:35:58 +0000|
web commit by NealWalfield: Create.
Diffstat (limited to 'asbestos.mdwn')
1 files changed, 15 insertions, 0 deletions
diff --git a/asbestos.mdwn b/asbestos.mdwn
new file mode 100644
@@ -0,0 +1,15 @@
+Asbestos is an operating system developed at MIT, Stanford
+and UCLA to explore information flow control policies. The motivation
+behind Asbestos is that typical access control systems are concerned
+with the release of information, however, once that information is
+released, the [[principal]] that released that information has no way to
+control it. The problem is that a program might want to make use of
+a service another program provides but not want to release the
+information to it. To work around this, the OS provides the ability
+to taint data. The taint is automatically applied to any derived
+information. To propagate information outside of the machine, the
+releaser must first untaint the information. This can only be done
+with the original principal's authorization.
+Asbestos is described in Efstathopoulos et al.'s 2005 paper [Labels and
+Event Processes in the Asbestos Operating System](http://pdos.csail.mit.edu/papers/asbestos-sosp05.pdf).