1 files changed, 25 insertions, 0 deletions

diff --git a/asbestos.mdwn b/asbestos.mdwn
new file mode 100644
index 00000000..65ab391e
--- /dev/null
+++ b/asbestos.mdwn
@@ -0,0 +1,25 @@
+[[meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]
+
+[[meta license="""[[toggle id="license" text="GFDL 1.2+"]][[toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
+is included in the section entitled
+[[GNU_Free_Documentation_License|/fdl]]."]]"""]]
+
+Asbestos is an operating system developed at MIT, Stanford
+and UCLA to explore information flow control policies.  The motivation
+behind Asbestos is that typical access control systems are concerned
+with the release of information, however, once that information is
+released, the [[principal]] that released that information has no way to
+control it.  The problem is that a program might want to make use of
+a service another program provides but not want to release the
+information to it.  To work around this, the OS provides the ability
+to taint data.  The taint is automatically applied to any derived
+information.  To propagate information outside of the machine, the
+releaser must first untaint the information.  This can only be done
+with the original principal's authorization.
+
+Asbestos is described in Efstathopoulos et al.'s 2005 paper [Labels and
+Event Processes in the Asbestos Operating System](http://pdos.csail.mit.edu/papers/asbestos-sosp05.pdf).