Some other Perspectives on Security Architectures

• Recent MIT work: Security for Distributed Computer Systems?
• User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
• A classic survey paper by Saltzer & Schroeder
• Early Computer Security Papers.
• The world of Security and Java:
  • Li Gong from Sun presented these slides at JavaOne.
  • The Princeton Secure Internet Programming page
  • Extensible Security Architecture for Java by the Princeton people
  • Java Security Hotlist from Cigital
  • Sun‘s eCommerce
  • My brief points on Java architecture and their security.
  • “Microsoft’s Trust-Based Security for Java”
  • A dictionary of threats.
• Microsoft’s security page
• Microsoft’s Zones
• Microsoft’s sandboxes—1, 2, 3
• Isolating web programs in modern browser architectures
• Slash Dot query on Windows and replies
• Bill Joy’s informative comments on Microsoft Security
• Microsoft’s NGSCB née “Palladium”.
• Li Gong’s notes on Capability Systems.
• Netscape’s Security page for users and for developers; their Signing Architecture and SSL
• The venerable Orange Book describes evaluation criteria for military grade security. It has many kindred volumes.
• The Common Criteria, are a recent effort towards standardization of IT security.
• Wulf’s Legions
• Security on the RS/6000 SP System
• My attempt to understand Unix security
• A more substantial effort
• Plan for Linux Posix Security
• Security Enhanced Linux from NSA
• MK++(?), a Mach like Kernel
• Memco, a product to harden Unix.
• Systrace, just what is that program trying to do?
• IETF network security recommendations
• Tempest nexus; Destructive Electromagnetic Waves
• NIST: Many early security papers and Other Security Publications.
• CERT
• Intel’s trusted computer
• The Trusted Computing Platform Alliance, steps towards tamper resistance?
• Liberty Alliance
• An interesting military research effort on portable code.
• Olin Sibert notes that programs that crash on invalid input are likely to be vulnerable to obeying hostile code. Here he reviews the sorry state of conventional computer security.
• CERT’s Firewall Theory; Linux Firewall Lore
• A Security Kernel Based on the Lambda-Calculus; Rees (Trusty Scheme?)
• SASL: Simple Authentication and Security Layer
• Proof Carrying Code
• Carl Ellison’s perspective on PKI, and his Establishing Identity Without Certification Authorities
• The Gray Hats (Domain (at least) evidently bought by Symantec)
• Security in OS vs Language
• Stack Inspection: Theory and Variants by Cédric Fournet and Andrew Gordon, describes stack inspection clearly and considers some of its ramifications.
• Ross Anderson’s work
• Stuart Schechter
• Pure Software
• DRM—Stallman—BIOS
• Honeynet
• Chrome Endowments for Browser extensions.
• Kill Switches and such
• Rutkowska
• Genode
• XACML
• Yurls
• Other tradeoffs for persistence I think I don’t like, but I have not understood.
• Google’s Belay

• Capsicum
• Memory Management on a Massively Parallel Capability Architecture
• Princeton’s view of Java as Capability platform
• Oz

• From Netscape
• From Microsoft
  Mark Miller’s Thesis
  Plash

• Chris Hibbert’s
• David Wagner’s List
• Risks Digest (comp.risks)
• A good capability nexus

• Jails as in FreeBSD.
• Posix “capabilities” FAQ, Slashdot article
• VServers (a good use of POSIX “capabilities”?)
• An exo kernel example
• Phoenix BIOS
• VServer, too
• Xen, Xenoservers
• Ensim (For Windows. IIS?)
• Denali
• VMWare
• Apple’s Entitlements; IOS Security

Security Theory; The Open Web Application Security Project
Kragen; Privacy
Hardware Security