208 research outputs found
Sub-Operating Systems: A New Approach to Application Security
In the current highly interconnected computing environments, users regularly use insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents, and might therefore compromise the integrity of the system. Current operating systems are unable to protect their users from these kinds of attacks, since the hostile software is running with the user\u27s privileges and permissions. We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that might deal with incoming, possibly malicious objects, behaves like an operating system. It views those objects the same way an operating system views users - it assigns sub-user id\u27s - and restricts their accesses to the system resources
The Socket Store: An App Model for the Application-Network Interaction
A developer of mobile or desktop applications is responsible for implementing
the network logic of his software. Nonetheless: i) Developers are not network
specialists, while pressure for emphasis on the visible application parts
places the network logic out of the coding focus. Moreover, computer networks
undergo evolution at paces that developers may not follow. ii) From the network
resource provider point of view, marketing novel services and involving a broad
audience is also challenge for the same reason. Moreover, the objectives of
end-user networking logic are neither clear nor uniform. This constitutes the
central optimization of network resources an additional challenge. As a
solution to these problems, we propose the Socket Store. The Store is a
marketplace containing end-user network logic in modular form. The Store
modules act as intelligent mediators between the end-user and the network
resources. Each module has a clear, specialized objective, such as connecting
two clients over the Internet while avoiding transit networks suspicious for
eavesdropping. The Store is populated and peer-reviewed by network specialists,
whose motive is the visibility, practical applicability and monetization
potential of their work. A developer first purchases access to a given socket
module. Subsequently, he incorporates it to his applications under development,
obtaining state-of-the-art performance with trivial coding burden. A full Store
prototype is implemented and a critical data streaming module is evaluated as a
driving case
- …