Sub-Operating Systems: A New Approach to Application Security

In the current highly interconnected computing environments, users regularly use insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents, and might therefore compromise the integrity of the system. Current operating systems are unable to protect their users from these kinds of attacks, since the hostile software is running with the user\u27s privileges and permissions. We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that might deal with incoming, possibly malicious objects, behaves like an operating system. It views those objects the same way an operating system views users - it assigns sub-user id\u27s - and restricts their accesses to the system resources

The Socket Store: An App Model for the Application-Network Interaction

A developer of mobile or desktop applications is responsible for implementing the network logic of his software. Nonetheless: i) Developers are not network specialists, while pressure for emphasis on the visible application parts places the network logic out of the coding focus. Moreover, computer networks undergo evolution at paces that developers may not follow. ii) From the network resource provider point of view, marketing novel services and involving a broad audience is also challenge for the same reason. Moreover, the objectives of end-user networking logic are neither clear nor uniform. This constitutes the central optimization of network resources an additional challenge. As a solution to these problems, we propose the Socket Store. The Store is a marketplace containing end-user network logic in modular form. The Store modules act as intelligent mediators between the end-user and the network resources. Each module has a clear, specialized objective, such as connecting two clients over the Internet while avoiding transit networks suspicious for eavesdropping. The Store is populated and peer-reviewed by network specialists, whose motive is the visibility, practical applicability and monetization potential of their work. A developer first purchases access to a given socket module. Subsequently, he incorporates it to his applications under development, obtaining state-of-the-art performance with trivial coding burden. A full Store prototype is implemented and a critical data streaming module is evaluated as a driving case