summaryrefslogtreecommitdiff
path: root/asbestos.mdwn
blob: 366aa5d9c689b22bbc2f723178ba43496caf3d8e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Asbestos is an operating system developed at MIT, Stanford
and UCLA to explore information flow control policies.  The motivation
behind Asbestos is that typical access control systems are concerned
with the release of information, however, once that information is
released, the [[principal]] that released that information has no way to
control it.  The problem is that a program might want to make use of
a service another program provides but not want to release the
information to it.  To work around this, the OS provides the ability
to taint data.  The taint is automatically applied to any derived
information.  To propagate information outside of the machine, the
releaser must first untaint the information.  This can only be done
with the original principal's authorization.

Asbestos is described in Efstathopoulos et al.'s 2005 paper [Labels and
Event Processes in the Asbestos Operating System](http://pdos.csail.mit.edu/papers/asbestos-sosp05.pdf).