Document Type

Article

Publication Date

7-2006

Department

Computer Science

Language

English

Publication Title

ACM SIGOPS Operating Systems Review

Abstract

General-purpose, commercial software platforms are increasingly used as system building blocks, even for dependable systems. One reason for their generality, usefulness, and popular adoption is that these software platforms can evolve through ad hoc extensions: behavior tweaks outside the scope of supported platform interfaces. Unfortunately, such use of internal platform implementation details is fundamentally incompatible with security and reliability. Even so, platforms that exclude ad hoc extensions---for instance, by enforcing full isolation and strict interfaces---will, most likely, either have their security enforcement circumvented or be relegated to a niche market. In this paper, we identify ad hoc extensions as well as the economic and technical factors surrounding their existence. Subsequently, we propose the enforcement of novel access-control policies for reconciling ad hoc extensibility with security and reliability.

Comments

Published as:
Erlingsson, Úlfar, and John MacCormick. "Ad hoc Extensibility and Access Control." ACM SIGOPS Operating Systems Review 40, no. 3 (2006): 93-101.

This author post-print is made available on Dickinson Scholar with the permission of the publisher. For more information on the published version, visit ACM's (Association for Computing Machinery) Website.

DOI

10.1145/1151374.1151393

COinS