An Augmented Capability Architecture to Support Lattice Security and Traceability of Access

On Access Checking in Capability-Based Systems

Computer Science • 1986

The paper shows why this problem arises, provides a taxonomy of capability-based designs, and identifies a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.

Verifying the EROS confinement mechanism

This paper presents a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS) and shows that architectures covered by this model enforce the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied.

A new approach to mobile code security

This dissertation presents a novel security architecture called security-passing style and motivates its application to security issues that arise in mobile code systems such as Java using an efficient implementation that requires no special hardware or language runtime support.

A note on the confinement problem

A set of examples attempts to stake out the boundaries of the problem of confining a program during its execution so that it cannot transmit information to any other program except its caller.

A comment on the confinement problem

An approach to proving that an operating system enforces confinement, by preventing borrowed programs from writing information in storage in violation of a formally stated security policy, is presented.