Jonathon Tidswell

Multiserver systems, operating systems composed from a set of hardware-protected servers, initially generated significant interest in the early 1990s. If a monolithic operating system could be decomposed into a set of servers with well-defined interfaces and well-understood protection mechanisms, then the robustness and configurability of operating systems
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. Safety is achieved either through the use of limited models or the verification of safety via constraints. Currently, almost all
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. It has been proven that the safety of an access control configuration cannot be decided for a general access control model,
This paper addresses the challenge of securely implementing access control mechanisms within operating systems built on minimalistic kernels. We demonstrate a natural correspondence between the partitioning of access controls provided in the domain and type enforcement security model, and the separation of kernel and user-level services provided in
Interprocess communication (IPC) monitoring enables the examination of any IPC between a source and a destination. IPC monitoring is useful for a variety of purposes, including debugging, logging, and security. For example, a monitor may collect communication state for the purpose of debugging a program consisting of several independent tasks. Also, a
In this abstract, we rebut the proposed RBAC unified reference model as defined by Sandhu, Ferraiolo, and Kuhn [4]. As a unified reference model, this proposal simply reinforces some of the concepts that are fundamental to RBAC (i.e., roles, users, and permissions) without clarifying the more complex concepts. Also, the definitions of the concepts are too
Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an
In this paper we present the multistage off-line method, a new and rather natural way to model off-line packet routing problems, which reduces the problem of off-line packet routing to that of finding edge-disjoint paths on a multistage graph. The multistage off-line method can model any kind of routing pattern on any graph and can incorporate the size of the