Jonathon Tidswell

Multiserver systems, operating systems composed from a set of hardware-protected servers, initially generated significant interest in the early 1990s. If a monolithic operating system could be decomposed into a set of servers with well-defined interfaces and well-understood protection mechanisms, then the robustness and configurability of operating systems …
Interprocess (IPC) monitoring enables the examination of any IPC between a source and a destination. IPC monitoring is useful for a variety of purposes, including debugging, logging, and security. For example, a monitor may collect communication state for the purpose of debugging a program consisting of several independent tasks. Also, a …
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. It has been proven that the safety of an access control configuration cannot be decided for a general access control model, …
Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an …
In this abstract, we rebut the proposed RBAC unified reference model as defined by Sandhu, Ferraiolo, and Kuhn [4]. As a unified reference model, this proposal simply re-enforces some of the concepts that are fundamental to RBAC (i.e., roles, users, and permissions) without clarifying the more complex concepts. Also, the definitions of the concepts are too …
In this paper we present the multistage off-line method, a new and rather natural way to model off-line packet routing problems, which reduces the problem of off-line packet routing to that of finding edge disjoint paths on a multistage graph. The multistage off-line method can model any kind of routing pattern on any graph and can incorporate the size of …
Extensible systems such as micro-kernels and component architectures push current security models to the limit. A number of dynamic access control models have been developed but all fail to ensure safety, especially of large scale configurations. In previous work we have developed a dynamic typed access control (DTAC) model that supports generalised security …