Skip to content

Latest commit

 

History

History
25 lines (22 loc) · 1.48 KB

asbestos.mdwn

File metadata and controls

25 lines (22 loc) · 1.48 KB

[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable id="license" text="Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled [[GNU Free Documentation License|/fdl]]."]]"""]]

Asbestos is an operating system developed at MIT, Stanford and UCLA to explore information flow control policies. The motivation behind Asbestos is that typical access control systems are concerned with the release of information, however, once that information is released, the [[principal]] that released that information has no way to control it. The problem is that a program might want to make use of a service another program provides but not want to release the information to it. To work around this, the OS provides the ability to taint data. The taint is automatically applied to any derived information. To propagate information outside of the machine, the releaser must first untaint the information. This can only be done with the original principal's authorization.

Asbestos is described in Efstathopoulos et al.'s 2005 paper Labels and Event Processes in the Asbestos Operating System.