Abstract
This paper describes the implementation of the OKE, which allows users other than root to load native and fully optimised code in the Linux kernel. Safety is guaranteed by trust management, language customisation and a trusted compiler. By coupling trust management with the compiler, the OKE is able to vary the level of restrictions on the code running in the kernel, depending on the programmer's privileges. Static sandboxing is used as much as possible to check adherence to the security policies at compile time.
Original language | English |
---|---|
Title of host publication | 2002 IEEE Open Architectures and Network Programming Proceedings, OPENARCH 2002 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 141-152 |
Number of pages | 12 |
ISBN (Electronic) | 0780374576, 9780780374577 |
DOIs | |
Publication status | Published - 1 Jan 2002 |
Event | IEEE Open Architectures and Network Programming, OPENARCH 2002 - New York, United States Duration: 29 Jun 2002 → … |
Conference
Conference | IEEE Open Architectures and Network Programming, OPENARCH 2002 |
---|---|
Country/Territory | United States |
City | New York |
Period | 29/06/02 → … |