Serveur d'exploration sur l'opéra

Attention, ce site est en cours de développement !
Attention, site généré par des moyens informatiques à partir de corpus bruts.
Les informations ne sont donc pas validées.

Reusability of Functionality-Based Application Confinement Policy Abstractions

Identifieur interne : 000487 ( Istex/Corpus ); précédent : 000486; suivant : 000488

Reusability of Functionality-Based Application Confinement Policy Abstractions

Auteurs : Cliffe Schreuders ; Christian Payne

Source :

RBID : ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9

Abstract

Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.

Url:
DOI: 10.1007/978-3-540-88625-9_14

Links to Exploration step

ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9

Le document en format XML

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<author>
<name sortKey="Schreuders, Cliffe" sort="Schreuders, Cliffe" uniqKey="Schreuders C" first="Cliffe" last="Schreuders">Cliffe Schreuders</name>
<affiliation>
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: c.schreuders@murdoch.edu.au</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Payne, Christian" sort="Payne, Christian" uniqKey="Payne C" first="Christian" last="Payne">Christian Payne</name>
<affiliation>
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: c.payne@murdoch.edu.au</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9</idno>
<date when="2008" year="2008">2008</date>
<idno type="doi">10.1007/978-3-540-88625-9_14</idno>
<idno type="url">https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">000487</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<author>
<name sortKey="Schreuders, Cliffe" sort="Schreuders, Cliffe" uniqKey="Schreuders C" first="Cliffe" last="Schreuders">Cliffe Schreuders</name>
<affiliation>
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: c.schreuders@murdoch.edu.au</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Payne, Christian" sort="Payne, Christian" uniqKey="Payne C" first="Christian" last="Payne">Christian Payne</name>
<affiliation>
<mods:affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: c.payne@murdoch.edu.au</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="s">Lecture Notes in Computer Science</title>
<imprint>
<date>2008</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
<idno type="istex">503590810F7C5026FEB103D1B693C994C15E6AE9</idno>
<idno type="DOI">10.1007/978-3-540-88625-9_14</idno>
<idno type="ChapterID">Chap14</idno>
<idno type="ChapterID">14</idno>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass></textClass>
<langUsage>
<language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</div>
</front>
</TEI>
<istex>
<corpusName>springer</corpusName>
<author>
<json:item>
<name>Z. Cliffe Schreuders</name>
<affiliations>
<json:string>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</json:string>
<json:string>E-mail: c.schreuders@murdoch.edu.au</json:string>
</affiliations>
</json:item>
<json:item>
<name>Christian Payne</name>
<affiliations>
<json:string>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</json:string>
<json:string>E-mail: c.payne@murdoch.edu.au</json:string>
</affiliations>
</json:item>
</author>
<language>
<json:string>eng</json:string>
</language>
<abstract>Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</abstract>
<qualityIndicators>
<score>8.864</score>
<pdfVersion>1.6</pdfVersion>
<pdfPageSize>430 x 660 pts</pdfPageSize>
<refBibsNative>false</refBibsNative>
<keywordCount>0</keywordCount>
<abstractCharCount>1387</abstractCharCount>
<pdfWordCount>6004</pdfWordCount>
<pdfCharCount>44134</pdfCharCount>
<pdfPageCount>16</pdfPageCount>
<abstractWordCount>197</abstractWordCount>
</qualityIndicators>
<title>Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<chapterId>
<json:string>Chap14</json:string>
<json:string>14</json:string>
</chapterId>
<genre>
<json:string>conference [research-article]</json:string>
</genre>
<serie>
<editor>
<json:item>
<name>David Hutchison</name>
</json:item>
<json:item>
<name>Takeo Kanade</name>
</json:item>
<json:item>
<name>Josef Kittler</name>
</json:item>
<json:item>
<name>Jon M. Kleinberg</name>
</json:item>
<json:item>
<name>Friedemann Mattern</name>
</json:item>
<json:item>
<name>John C. Mitchell</name>
</json:item>
<json:item>
<name>Moni Naor</name>
</json:item>
<json:item>
<name>Oscar Nierstrasz</name>
</json:item>
<json:item>
<name>C. Pandu Rangan</name>
</json:item>
<json:item>
<name>Bernhard Steffen</name>
</json:item>
<json:item>
<name>Madhu Sudan</name>
</json:item>
<json:item>
<name>Demetri Terzopoulos</name>
</json:item>
<json:item>
<name>Doug Tygar</name>
</json:item>
<json:item>
<name>Moshe Y. Vardi</name>
</json:item>
<json:item>
<name>Gerhard Weikum</name>
</json:item>
</editor>
<issn>
<json:string>0302-9743</json:string>
</issn>
<genre></genre>
<language>
<json:string>unknown</json:string>
</language>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<title>Lecture Notes in Computer Science</title>
<copyrightDate>2008</copyrightDate>
</serie>
<host>
<editor>
<json:item>
<name>Liqun Chen</name>
<affiliations>
<json:string>HP Laboratories, Bristol, UK</json:string>
<json:string>E-mail: liqun.chen@hp.com</json:string>
</affiliations>
</json:item>
<json:item>
<name>Mark D. Ryan</name>
<affiliations>
<json:string>School of Computer Science, University of Birmingham, B15 2TT, UK</json:string>
<json:string>E-mail: M.D.Ryan@cs.bham.ac.uk</json:string>
</affiliations>
</json:item>
<json:item>
<name>Guilin Wang</name>
<affiliations>
<json:string>School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK</json:string>
<json:string>E-mail: g.wang@cs.bham.ac.uk</json:string>
</affiliations>
</json:item>
</editor>
<subject>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Data Encryption</value>
</json:item>
<json:item>
<value>Data Structures, Cryptology and Information Theory</value>
</json:item>
<json:item>
<value>Coding and Information Theory</value>
</json:item>
<json:item>
<value>Systems and Data Security</value>
</json:item>
<json:item>
<value>Algorithm Analysis and Problem Complexity</value>
</json:item>
<json:item>
<value>Computer Communication Networks</value>
</json:item>
</subject>
<isbn>
<json:string>978-3-540-88624-2</json:string>
</isbn>
<language>
<json:string>unknown</json:string>
</language>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<title>Information and Communications Security</title>
<bookId>
<json:string>978-3-540-88625-9</json:string>
</bookId>
<volume>5308</volume>
<pages>
<last>221</last>
<first>206</first>
</pages>
<issn>
<json:string>0302-9743</json:string>
</issn>
<genre>
<json:string>Book Series</json:string>
</genre>
<eisbn>
<json:string>978-3-540-88625-9</json:string>
</eisbn>
<copyrightDate>2008</copyrightDate>
<doi>
<json:string>10.1007/978-3-540-88625-9</json:string>
</doi>
</host>
<publicationDate>2008</publicationDate>
<copyrightDate>2008</copyrightDate>
<doi>
<json:string>10.1007/978-3-540-88625-9_14</json:string>
</doi>
<id>503590810F7C5026FEB103D1B693C994C15E6AE9</id>
<fulltext>
<json:item>
<original>true</original>
<mimetype>application/pdf</mimetype>
<extension>pdf</extension>
<uri>https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/pdf</uri>
</json:item>
<json:item>
<original>false</original>
<mimetype>application/zip</mimetype>
<extension>zip</extension>
<uri>https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/tei">
<teiHeader>
<fileDesc>
<titleStmt>
<title level="a" type="main" xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<respStmt xml:id="ISTEX-API" resp="Références bibliographiques récupérées via GROBID" name="ISTEX-API (INIST-CNRS)"></respStmt>
</titleStmt>
<publicationStmt>
<authority>ISTEX</authority>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<availability>
<p>SPRINGER</p>
</availability>
<date>2008</date>
</publicationStmt>
<sourceDesc>
<biblStruct type="inbook">
<analytic>
<title level="a" type="main" xml:lang="en">Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
<author>
<persName>
<forename type="first">Z.</forename>
<surname>Schreuders</surname>
</persName>
<email>c.schreuders@murdoch.edu.au</email>
<affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</affiliation>
</author>
<author>
<persName>
<forename type="first">Christian</forename>
<surname>Payne</surname>
</persName>
<email>c.payne@murdoch.edu.au</email>
<affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</affiliation>
</author>
</analytic>
<monogr>
<title level="m">Information and Communications Security</title>
<title level="m" type="sub">10th International Conference, ICICS 2008 Birmingham, UK, October 20 - 22, 2008 Proceedings</title>
<idno type="pISBN">978-3-540-88624-2</idno>
<idno type="eISBN">978-3-540-88625-9</idno>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="DOI">10.1007/978-3-540-88625-9</idno>
<idno type="BookID">978-3-540-88625-9</idno>
<idno type="BookTitleID">183381</idno>
<idno type="BookSequenceNumber">5308</idno>
<idno type="BookVolumeNumber">5308</idno>
<idno type="BookChapterCount">28</idno>
<editor>
<persName>
<forename type="first">Liqun</forename>
<surname>Chen</surname>
</persName>
<email>liqun.chen@hp.com</email>
<affiliation>HP Laboratories, Bristol, UK</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Mark</forename>
<forename type="first">D.</forename>
<surname>Ryan</surname>
</persName>
<email>M.D.Ryan@cs.bham.ac.uk</email>
<affiliation>School of Computer Science, University of Birmingham, B15 2TT, UK</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Guilin</forename>
<surname>Wang</surname>
</persName>
<email>g.wang@cs.bham.ac.uk</email>
<affiliation>School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK</affiliation>
</editor>
<imprint>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<date type="published" when="2008"></date>
<biblScope unit="volume">5308</biblScope>
<biblScope unit="page" from="206">206</biblScope>
<biblScope unit="page" to="221">221</biblScope>
</imprint>
</monogr>
<series>
<title level="s">Lecture Notes in Computer Science</title>
<editor>
<persName>
<forename type="first">David</forename>
<surname>Hutchison</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Takeo</forename>
<surname>Kanade</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Josef</forename>
<surname>Kittler</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Jon</forename>
<forename type="first">M.</forename>
<surname>Kleinberg</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Friedemann</forename>
<surname>Mattern</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">John</forename>
<forename type="first">C.</forename>
<surname>Mitchell</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Moni</forename>
<surname>Naor</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Oscar</forename>
<surname>Nierstrasz</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">C.</forename>
<surname>Pandu Rangan</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Bernhard</forename>
<surname>Steffen</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Madhu</forename>
<surname>Sudan</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Demetri</forename>
<surname>Terzopoulos</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Doug</forename>
<surname>Tygar</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Moshe</forename>
<forename type="first">Y.</forename>
<surname>Vardi</surname>
</persName>
</editor>
<editor>
<persName>
<forename type="first">Gerhard</forename>
<surname>Weikum</surname>
</persName>
</editor>
<biblScope>
<date>2008</date>
</biblScope>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="seriesId">558</idno>
</series>
<idno type="istex">503590810F7C5026FEB103D1B693C994C15E6AE9</idno>
<idno type="DOI">10.1007/978-3-540-88625-9_14</idno>
<idno type="ChapterID">Chap14</idno>
<idno type="ChapterID">14</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<creation>
<date>2008</date>
</creation>
<langUsage>
<language ident="en">en</language>
</langUsage>
<abstract xml:lang="en">
<p>Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</p>
</abstract>
<textClass>
<keywords scheme="Book Subject Collection">
<list>
<label>SUCO11645</label>
<item>
<term>Computer Science</term>
</item>
</list>
</keywords>
</textClass>
<textClass>
<keywords scheme="Book Subject Group">
<list>
<label>I</label>
<label>I15033</label>
<label>I15009</label>
<label>I15041</label>
<label>I14050</label>
<label>I16021</label>
<label>I13022</label>
<item>
<term>Computer Science</term>
</item>
<item>
<term>Data Encryption</term>
</item>
<item>
<term>Data Structures, Cryptology and Information Theory</term>
</item>
<item>
<term>Coding and Information Theory</term>
</item>
<item>
<term>Systems and Data Security</term>
</item>
<item>
<term>Algorithm Analysis and Problem Complexity</term>
</item>
<item>
<term>Computer Communication Networks</term>
</item>
</list>
</keywords>
</textClass>
</profileDesc>
<revisionDesc>
<change when="2008">Published</change>
<change xml:id="refBibs-istex" who="#ISTEX-API" when="2016-3-2">References added</change>
</revisionDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item>
<original>false</original>
<mimetype>text/plain</mimetype>
<extension>txt</extension>
<uri>https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/fulltext/txt</uri>
</json:item>
</fulltext>
<metadata>
<istex:metadataXml wicri:clean="Springer, Publisher found" wicri:toSee="no header">
<istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document>
<Publisher>
<PublisherInfo>
<PublisherName>Springer Berlin Heidelberg</PublisherName>
<PublisherLocation>Berlin, Heidelberg</PublisherLocation>
</PublisherInfo>
<Series>
<SeriesInfo SeriesType="Series" TocLevels="0">
<SeriesID>558</SeriesID>
<SeriesPrintISSN>0302-9743</SeriesPrintISSN>
<SeriesElectronicISSN>1611-3349</SeriesElectronicISSN>
<SeriesTitle Language="En">Lecture Notes in Computer Science</SeriesTitle>
</SeriesInfo>
<SeriesHeader>
<EditorGroup>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>David</GivenName>
<FamilyName>Hutchison</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Takeo</GivenName>
<FamilyName>Kanade</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Josef</GivenName>
<FamilyName>Kittler</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Jon</GivenName>
<GivenName>M.</GivenName>
<FamilyName>Kleinberg</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Friedemann</GivenName>
<FamilyName>Mattern</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>John</GivenName>
<GivenName>C.</GivenName>
<FamilyName>Mitchell</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Moni</GivenName>
<FamilyName>Naor</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Oscar</GivenName>
<FamilyName>Nierstrasz</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>C.</GivenName>
<FamilyName>Pandu Rangan</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Bernhard</GivenName>
<FamilyName>Steffen</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Madhu</GivenName>
<FamilyName>Sudan</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Demetri</GivenName>
<FamilyName>Terzopoulos</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Doug</GivenName>
<FamilyName>Tygar</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Moshe</GivenName>
<GivenName>Y.</GivenName>
<FamilyName>Vardi</FamilyName>
</EditorName>
</Editor>
<Editor>
<EditorName DisplayOrder="Western">
<GivenName>Gerhard</GivenName>
<FamilyName>Weikum</FamilyName>
</EditorName>
</Editor>
</EditorGroup>
</SeriesHeader>
<Book Language="En">
<BookInfo BookProductType="Proceedings" ContainsESM="No" Language="En" MediaType="eBook" NumberingStyle="Unnumbered" OutputMedium="All" TocLevels="0">
<BookID>978-3-540-88625-9</BookID>
<BookTitle>Information and Communications Security</BookTitle>
<BookSubTitle>10th International Conference, ICICS 2008 Birmingham, UK, October 20 - 22, 2008 Proceedings</BookSubTitle>
<BookVolumeNumber>5308</BookVolumeNumber>
<BookSequenceNumber>5308</BookSequenceNumber>
<BookDOI>10.1007/978-3-540-88625-9</BookDOI>
<BookTitleID>183381</BookTitleID>
<BookPrintISBN>978-3-540-88624-2</BookPrintISBN>
<BookElectronicISBN>978-3-540-88625-9</BookElectronicISBN>
<BookChapterCount>28</BookChapterCount>
<BookCopyright>
<CopyrightHolderName>Springer Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2008</CopyrightYear>
</BookCopyright>
<BookSubjectGroup>
<BookSubject Code="I" Type="Primary">Computer Science</BookSubject>
<BookSubject Code="I15033" Priority="1" Type="Secondary">Data Encryption</BookSubject>
<BookSubject Code="I15009" Priority="2" Type="Secondary">Data Structures, Cryptology and Information Theory</BookSubject>
<BookSubject Code="I15041" Priority="3" Type="Secondary">Coding and Information Theory</BookSubject>
<BookSubject Code="I14050" Priority="4" Type="Secondary">Systems and Data Security</BookSubject>
<BookSubject Code="I16021" Priority="5" Type="Secondary">Algorithm Analysis and Problem Complexity</BookSubject>
<BookSubject Code="I13022" Priority="6" Type="Secondary">Computer Communication Networks</BookSubject>
<SubjectCollection Code="SUCO11645">Computer Science</SubjectCollection>
</BookSubjectGroup>
</BookInfo>
<BookHeader>
<EditorGroup>
<Editor AffiliationIDS="Aff1">
<EditorName DisplayOrder="Western">
<GivenName>Liqun</GivenName>
<FamilyName>Chen</FamilyName>
</EditorName>
<Contact>
<Email>liqun.chen@hp.com</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff2">
<EditorName DisplayOrder="Western">
<GivenName>Mark</GivenName>
<GivenName>D.</GivenName>
<FamilyName>Ryan</FamilyName>
</EditorName>
<Contact>
<Email>M.D.Ryan@cs.bham.ac.uk</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff3">
<EditorName DisplayOrder="Western">
<GivenName>Guilin</GivenName>
<FamilyName>Wang</FamilyName>
</EditorName>
<Contact>
<Email>g.wang@cs.bham.ac.uk</Email>
</Contact>
</Editor>
<Affiliation ID="Aff1">
<OrgName>HP Laboratories</OrgName>
<OrgAddress>
<City>Bristol</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff2">
<OrgDivision>School of Computer Science</OrgDivision>
<OrgName>University of Birmingham</OrgName>
<OrgAddress>
<Postcode>B15 2TT</Postcode>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff3">
<OrgDivision>School of Computer Science</OrgDivision>
<OrgName>University of Birmingham</OrgName>
<OrgAddress>
<Postcode>B15 2TT</Postcode>
<City>Birmingham</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</BookHeader>
<Part ID="Part5">
<PartInfo TocLevels="0">
<PartID>5</PartID>
<PartSequenceNumber>5</PartSequenceNumber>
<PartTitle>Access Control</PartTitle>
<PartChapterCount>4</PartChapterCount>
<PartContext>
<SeriesID>558</SeriesID>
<BookTitle>Information and Communications Security</BookTitle>
</PartContext>
</PartInfo>
<Chapter ID="Chap14" Language="En">
<ChapterInfo ChapterType="OriginalPaper" ContainsESM="No" NumberingStyle="Unnumbered" TocLevels="0">
<ChapterID>14</ChapterID>
<ChapterDOI>10.1007/978-3-540-88625-9_14</ChapterDOI>
<ChapterSequenceNumber>14</ChapterSequenceNumber>
<ChapterTitle Language="En">Reusability of Functionality-Based Application Confinement Policy Abstractions</ChapterTitle>
<ChapterFirstPage>206</ChapterFirstPage>
<ChapterLastPage>221</ChapterLastPage>
<ChapterCopyright>
<CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2008</CopyrightYear>
</ChapterCopyright>
<ChapterGrants Type="Regular">
<MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ChapterGrants>
<ChapterContext>
<SeriesID>558</SeriesID>
<PartID>5</PartID>
<BookID>978-3-540-88625-9</BookID>
<BookTitle>Information and Communications Security</BookTitle>
</ChapterContext>
</ChapterInfo>
<ChapterHeader>
<AuthorGroup>
<Author AffiliationIDS="Aff4">
<AuthorName DisplayOrder="Western">
<GivenName>Z.</GivenName>
<GivenName>Cliffe</GivenName>
<FamilyName>Schreuders</FamilyName>
</AuthorName>
<Contact>
<Email>c.schreuders@murdoch.edu.au</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff4">
<AuthorName DisplayOrder="Western">
<GivenName>Christian</GivenName>
<FamilyName>Payne</FamilyName>
</AuthorName>
<Contact>
<Email>c.payne@murdoch.edu.au</Email>
</Contact>
</Author>
<Affiliation ID="Aff4">
<OrgDivision>School of IT</OrgDivision>
<OrgName>Murdoch University</OrgName>
<OrgAddress>
<Street>South Street</Street>
<City>Murdoch</City>
<Postcode>WA 6150</Postcode>
<Country>Australia</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En">
<Heading>Abstract</Heading>
<Para>Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</Para>
</Abstract>
<KeywordGroup Language="En">
<Heading>Keywords</Heading>
<Keyword>Functionality-Based Application Confinement (FBAC)</Keyword>
<Keyword>Role-Based Access Control (RBAC)</Keyword>
<Keyword>Application-Oriented Access Control</Keyword>
<Keyword>Application Confinement</Keyword>
<Keyword>Sandbox</Keyword>
<Keyword>Usable Security</Keyword>
<Keyword>Reusable Policy</Keyword>
</KeywordGroup>
</ChapterHeader>
<NoBody></NoBody>
</Chapter>
</Part>
</Book>
</Series>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6">
<titleInfo lang="en">
<title>Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA" lang="en">
<title>Reusability of Functionality-Based Application Confinement Policy Abstractions</title>
</titleInfo>
<name type="personal">
<namePart type="given">Z.</namePart>
<namePart type="given">Cliffe</namePart>
<namePart type="family">Schreuders</namePart>
<affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</affiliation>
<affiliation>E-mail: c.schreuders@murdoch.edu.au</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Christian</namePart>
<namePart type="family">Payne</namePart>
<affiliation>School of IT, Murdoch University, South Street, WA 6150, Murdoch, Australia</affiliation>
<affiliation>E-mail: c.payne@murdoch.edu.au</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre type="conference [research-article]" displayLabel="OriginalPaper"></genre>
<originInfo>
<publisher>Springer Berlin Heidelberg</publisher>
<place>
<placeTerm type="text">Berlin, Heidelberg</placeTerm>
</place>
<dateIssued encoding="w3cdtf">2008</dateIssued>
<copyrightDate encoding="w3cdtf">2008</copyrightDate>
</originInfo>
<language>
<languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<physicalDescription>
<internetMediaType>text/html</internetMediaType>
</physicalDescription>
<abstract lang="en">Abstract: Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user’s privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application’s behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model by analysing policies for the confinement of four different web browsers.</abstract>
<relatedItem type="host">
<titleInfo>
<title>Information and Communications Security</title>
<subTitle>10th International Conference, ICICS 2008 Birmingham, UK, October 20 - 22, 2008 Proceedings</subTitle>
</titleInfo>
<name type="personal">
<namePart type="given">Liqun</namePart>
<namePart type="family">Chen</namePart>
<affiliation>HP Laboratories, Bristol, UK</affiliation>
<affiliation>E-mail: liqun.chen@hp.com</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Mark</namePart>
<namePart type="given">D.</namePart>
<namePart type="family">Ryan</namePart>
<affiliation>School of Computer Science, University of Birmingham, B15 2TT, UK</affiliation>
<affiliation>E-mail: M.D.Ryan@cs.bham.ac.uk</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Guilin</namePart>
<namePart type="family">Wang</namePart>
<affiliation>School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK</affiliation>
<affiliation>E-mail: g.wang@cs.bham.ac.uk</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="Book Series" displayLabel="Proceedings"></genre>
<originInfo>
<copyrightDate encoding="w3cdtf">2008</copyrightDate>
<issuance>monographic</issuance>
</originInfo>
<subject>
<genre>Book Subject Collection</genre>
<topic authority="SpringerSubjectCodes" authorityURI="SUCO11645">Computer Science</topic>
</subject>
<subject>
<genre>Book Subject Group</genre>
<topic authority="SpringerSubjectCodes" authorityURI="I">Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15033">Data Encryption</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15009">Data Structures, Cryptology and Information Theory</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15041">Coding and Information Theory</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14050">Systems and Data Security</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I16021">Algorithm Analysis and Problem Complexity</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I13022">Computer Communication Networks</topic>
</subject>
<identifier type="DOI">10.1007/978-3-540-88625-9</identifier>
<identifier type="ISBN">978-3-540-88624-2</identifier>
<identifier type="eISBN">978-3-540-88625-9</identifier>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="BookTitleID">183381</identifier>
<identifier type="BookID">978-3-540-88625-9</identifier>
<identifier type="BookChapterCount">28</identifier>
<identifier type="BookVolumeNumber">5308</identifier>
<identifier type="BookSequenceNumber">5308</identifier>
<identifier type="PartChapterCount">4</identifier>
<part>
<date>2008</date>
<detail type="part">
<title>Access Control</title>
</detail>
<detail type="volume">
<number>5308</number>
<caption>vol.</caption>
</detail>
<extent unit="pages">
<start>206</start>
<end>221</end>
</extent>
</part>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2008</recordOrigin>
</recordInfo>
</relatedItem>
<relatedItem type="series">
<titleInfo>
<title>Lecture Notes in Computer Science</title>
</titleInfo>
<name type="personal">
<namePart type="given">David</namePart>
<namePart type="family">Hutchison</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Takeo</namePart>
<namePart type="family">Kanade</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Josef</namePart>
<namePart type="family">Kittler</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Jon</namePart>
<namePart type="given">M.</namePart>
<namePart type="family">Kleinberg</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Friedemann</namePart>
<namePart type="family">Mattern</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">John</namePart>
<namePart type="given">C.</namePart>
<namePart type="family">Mitchell</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moni</namePart>
<namePart type="family">Naor</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Oscar</namePart>
<namePart type="family">Nierstrasz</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">C.</namePart>
<namePart type="family">Pandu Rangan</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Bernhard</namePart>
<namePart type="family">Steffen</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Madhu</namePart>
<namePart type="family">Sudan</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Demetri</namePart>
<namePart type="family">Terzopoulos</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Doug</namePart>
<namePart type="family">Tygar</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moshe</namePart>
<namePart type="given">Y.</namePart>
<namePart type="family">Vardi</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Gerhard</namePart>
<namePart type="family">Weikum</namePart>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<originInfo>
<copyrightDate encoding="w3cdtf">2008</copyrightDate>
<issuance>serial</issuance>
</originInfo>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="SeriesID">558</identifier>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2008</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">503590810F7C5026FEB103D1B693C994C15E6AE9</identifier>
<identifier type="DOI">10.1007/978-3-540-88625-9_14</identifier>
<identifier type="ChapterID">Chap14</identifier>
<identifier type="ChapterID">14</identifier>
<accessCondition type="use and reproduction" contentType="copyright">Springer Berlin Heidelberg</accessCondition>
<recordInfo>
<recordContentSource>SPRINGER</recordContentSource>
<recordOrigin>Springer-Verlag Berlin Heidelberg, 2008</recordOrigin>
</recordInfo>
</mods>
</metadata>
<enrichments>
<istex:refBibTEI uri="https://api.istex.fr/document/503590810F7C5026FEB103D1B693C994C15E6AE9/enrichments/refBib">
<teiHeader></teiHeader>
<text>
<front></front>
<body></body>
<back>
<listBibl>
<biblStruct xml:id="b0">
<analytic>
<title level="a" type="main">Towards a Formal Model for Security Policies Specification and Validation in the SElinux System</title>
<author>
<persName>
<forename type="first">G</forename>
<surname>Zanin</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">L</forename>
<forename type="middle">V</forename>
<surname>Mancini</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies</title>
<meeting>the Ninth ACM Symposium on Access Control Models and Technologies</meeting>
<imprint>
<publisher>ACM Press, Yorktown Heights</publisher>
<date type="published" when="2004"></date>
<biblScope unit="page" from="136" to="145"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b1">
<analytic>
<title level="a" type="main">A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker</title>
<author>
<persName>
<forename type="first">I</forename>
<surname>Goldberg</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<surname>Wagner</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Thomas</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">E</forename>
<forename type="middle">A</forename>
<surname>Brewer</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 6th USENIX Security Symposium. University of California</title>
<meeting>the 6th USENIX Security Symposium. University of California
<address>
<addrLine>San Jose</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="1996"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b2">
<analytic>
<title level="a" type="main">Building Systems to be Shared Securely</title>
<author>
<persName>
<forename type="first">P.-H</forename>
<surname>Kamp</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Watson</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="j">ACM Queue</title>
<imprint>
<biblScope unit="volume">2</biblScope>
<biblScope unit="page" from="42" to="51"></biblScope>
<date type="published" when="2004"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b3">
<analytic>
<title level="a" type="main">Application and Analysis of the Virtual Machine Approach to Information Security</title>
<author>
<persName>
<forename type="first">S</forename>
<forename type="middle">E</forename>
<surname>Madnick</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">J</forename>
<forename type="middle">J</forename>
<surname>Donovan</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the ACM Workshop on Virtual Computer Systems</title>
<meeting>the ACM Workshop on Virtual Computer Systems
<address>
<addrLine>Cambridge, MA, USA</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="1973-03"></date>
<biblScope unit="page" from="210" to="224"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b4">
<analytic>
<title level="a" type="main">Jails: Confining the Omnipotent Root</title>
<author>
<persName>
<forename type="first">P.-H</forename>
<surname>Kamp</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Watson</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Sane 2000 -2nd International SANE Conference</title>
<imprint>
<date type="published" when="2000"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b5">
<analytic>
<title level="a" type="main">Solaris Zones: Operating System Support for Server Consolidation</title>
<author>
<persName>
<forename type="first">A</forename>
<surname>Tucker</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<surname>Comay</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">3rd Virtual Machine Research and Technology Symposium Works-in-Progress</title>
<imprint></imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b6">
<analytic>
<title level="a" type="main">Lightweight virtual machines for distributed and networked applications</title>
<author>
<persName>
<forename type="first">A</forename>
<surname>Whitaker</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<surname>Shaw</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<forename type="middle">D</forename>
<surname>Gribble</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 5th USENIX Symposium on Operating Systems Design and Implementation</title>
<meeting>the 5th USENIX Symposium on Operating Systems Design and Implementation</meeting>
<imprint>
<date type="published" when="2002"></date>
<biblScope unit="page" from="195" to="209"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b7">
<analytic>
<title level="a" type="main">Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2</title>
<author>
<persName>
<forename type="first">L</forename>
<surname>Gong</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<surname>Mueller</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">H</forename>
<surname>Prafullchandra</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Schemers</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">USENIX Symposium on Internet Technologies and Systems</title>
<meeting>
<address>
<addrLine>Monterey</addrLine>
</address>
</meeting>
<imprint>
<publisher>Prentice Hall PTR</publisher>
<date type="published" when="1997"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b8">
<monogr>
<title level="m" type="main">Net Security and Cryptography</title>
<author>
<persName>
<forename type="first">P</forename>
<surname>Thorsteinson</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">G</forename>
<forename type="middle">G A</forename>
<surname>Ganesh</surname>
</persName>
</author>
<imprint>
<date type="published" when="2003"></date>
<publisher>Prentice Hall PTR</publisher>
<biblScope unit="page">229</biblScope>
<pubPlace>Englewood Cliffs</pubPlace>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b9">
<analytic>
<title level="a" type="main">Usable Mandatory Integrity Protection for Operating Systems</title>
<author>
<persName>
<forename type="first">N</forename>
<surname>Li</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">Z</forename>
<surname>Mao</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">H</forename>
<surname>Chen</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the IEEE Symposium on Security and Privacy</title>
<meeting>the IEEE Symposium on Security and Privacy</meeting>
<imprint>
<date type="published" when="2007"></date>
<biblScope unit="page" from="164" to="178"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b10">
<analytic>
<title level="a" type="main">Practical Proactive Integrity Preservation: A Basis for Malware Defense. Security and Privacy</title>
<author>
<persName>
<forename type="first">W</forename>
<surname>Sun</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Sekar</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">G</forename>
<surname>Poothia</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">T</forename>
<surname>Karandikar</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">IEEE Symposium on SP 2008</title>
<imprint>
<date type="published" when="2008"></date>
<biblScope unit="page" from="248" to="262"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b11">
<monogr>
<title level="m" type="main">Janus: An Approach for Confinement of Untrusted Applications</title>
<author>
<persName>
<forename type="first">D</forename>
<forename type="middle">A</forename>
<surname>Wagner</surname>
</persName>
</author>
<imprint>
<date type="published" when="1999"></date>
<pubPlace>Berkeley, USA</pubPlace>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b12">
<analytic>
<title level="a" type="main">Improving Host Security with System Call Policies</title>
<author>
<persName>
<forename type="first">N</forename>
<surname>Provos</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">12th USENIX Security Symposium</title>
<meeting>
<address>
<addrLine>Washington</addrLine>
</address>
</meeting>
<imprint>
<publisher>USENIX</publisher>
<date type="published" when="2002"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b13">
<analytic>
<title level="a" type="main">SubDomain: Parsimonious Server Security</title>
<author>
<persName>
<forename type="first">C</forename>
<surname>Cowan</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<surname>Beattie</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">G</forename>
<surname>Kroah-Hartman</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">C</forename>
<surname>Pu</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">P</forename>
<surname>Wagle</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">V</forename>
<surname>Gligor</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">USENIX 14th Systems Administration Conference</title>
<imprint>
<date type="published" when="2000"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b14">
<analytic>
<title level="a" type="main">TRON: Process-Specific File Protection for the UNIX Operating System</title>
<author>
<persName>
<forename type="first">A</forename>
<surname>Berman</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">V</forename>
<surname>Bourassa</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">E</forename>
<surname>Selberg</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 1995 Winter USENIX Conference</title>
<meeting>the 1995 Winter USENIX Conference</meeting>
<imprint>
<date type="published" when="1995"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b15">
<analytic>
<title level="a" type="main">Taking advantage of Linux capabilities</title>
<author>
<persName>
<forename type="first">M</forename>
<surname>Bacarella</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="j">Linux Journal</title>
<imprint>
<date type="published" when="2002"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b16">
<analytic>
<title level="a" type="main">Bitfrost: the one laptop per child security model</title>
<author>
<persName>
<forename type="first">I</forename>
<surname>Krsti</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<forename type="middle">L</forename>
<surname>Garfinkel</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">ACM International Conference Proceeding Series</title>
<imprint>
<date type="published" when="2007"></date>
<biblScope unit="page" from="132" to="142"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b17">
<analytic>
<title level="a" type="main">The structure of authority: Why security is not a separable concern</title>
<author>
<persName>
<forename type="first">M</forename>
<forename type="middle">S</forename>
<surname>Miller</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">B</forename>
<surname>Tulloh</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">J</forename>
<forename type="middle">S</forename>
<surname>Shapiro</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Multiparadigm Programming in Mozart/Oz: Proceedings of MOZ 3389</title>
<imprint>
<date type="published" when="2004"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b18">
<analytic>
<title level="a" type="main">Polaris: virus-safe computing for Windows XP</title>
<author>
<persName>
<forename type="first">M</forename>
<surname>Stiegler</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">A</forename>
<forename type="middle">H</forename>
<surname>Karp</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">K</forename>
<forename type="middle">P</forename>
<surname>Yee</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">T</forename>
<surname>Close</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<forename type="middle">S</forename>
<surname>Miller</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="j">Communications of the ACM</title>
<imprint>
<biblScope unit="volume">49</biblScope>
<biblScope unit="page" from="83" to="88"></biblScope>
<date type="published" when="2006"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b19">
<analytic>
<title level="a" type="main">Object capabilities for security</title>
<author>
<persName>
<forename type="first">D</forename>
<surname>Wagner</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Conference on Programming Language Design and Implementation: Proceedings of the 2006 workshop on Programming languages and analysis for security</title>
<imprint>
<date type="published" when="2006"></date>
<biblScope unit="page" from="1" to="2"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b20">
<analytic>
<title level="a" type="main">Practical Domain and Type Enforcement for UNIX</title>
<author>
<persName>
<forename type="first">L</forename>
<surname>Badger</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<forename type="middle">F</forename>
<surname>Sterne</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<forename type="middle">L</forename>
<surname>Sherman</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">K</forename>
<forename type="middle">M</forename>
<surname>Walker</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<forename type="middle">A</forename>
<surname>Haghighat</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 1995 IEEE Symposium on Security and Privacy</title>
<meeting>the 1995 IEEE Symposium on Security and Privacy
<address>
<addrLine>Los Alamitos</addrLine>
</address>
</meeting>
<imprint>
<publisher>IEEE Computer Society</publisher>
<date type="published" when="1995"></date>
<biblScope unit="page">66</biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b21">
<analytic>
<title level="a" type="main">The Role Compatibility Security Model</title>
<author>
<persName>
<forename type="first">A</forename>
<surname>Ott</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">7th Nordic Workshop on Secure IT Systems</title>
<imprint>
<date type="published" when="2002"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b22">
<analytic>
<title level="a" type="main">Make least privilege a right (not a privilege )</title>
<author>
<persName>
<forename type="first">M</forename>
<surname>Krohn</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">P</forename>
<surname>Efstathopoulos</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">C</forename>
<surname>Frey</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">F</forename>
<surname>Kaashoek</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">E</forename>
<surname>Kohler</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<surname>Mazieres</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Morris</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<surname>Osborne</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<surname>Vandebogart</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<surname>Ziegler</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Procedings of 10th Hot Topics in Operating Systems Symposium (HotOS-X)</title>
<meeting>edings of 10th Hot Topics in Operating Systems Symposium (HotOS-X)
<address>
<addrLine>Santa Fe, NM, USA</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="2005"></date>
<biblScope unit="page" from="1" to="11"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b23">
<analytic>
<title level="a" type="main">Empirical Privilege Profiling</title>
<author>
<persName>
<forename type="first">C</forename>
<surname>Marceau</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Joyce</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 2005 Workshop on New Security Paradigms</title>
<meeting>the 2005 Workshop on New Security Paradigms</meeting>
<imprint>
<date type="published" when="2005"></date>
<biblScope unit="page" from="111" to="118"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b24">
<analytic>
<title level="a" type="main">Analyzing Integrity Protection in the SELinux Example Policy</title>
<author>
<persName>
<forename type="first">T</forename>
<surname>Jaeger</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Sailer</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">X</forename>
<surname>Zhang</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 12th USENIX Security Symposium</title>
<meeting>the 12th USENIX Security Symposium</meeting>
<imprint>
<date type="published" when="2003"></date>
<biblScope unit="page" from="59" to="74"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b25">
<analytic>
<title level="a" type="main">Attack-based Domain Transition Analysis</title>
<author>
<persName>
<forename type="first">S</forename>
<surname>Hinrichs</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">P</forename>
<surname>Naldurg</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">2nd Annual Security Enhanced Linux Symposium</title>
<meeting>
<address>
<addrLine>Baltimore, Md., USA</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="2006"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b26">
<analytic>
<title level="a" type="main">Role-Based Access Control</title>
<author>
<persName>
<forename type="first">D</forename>
<surname>Ferraiolo</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Kuhn</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">15th National Computer Security Conference</title>
<meeting>
<address>
<addrLine>Baltimore, MD, USA</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="1992"></date>
<biblScope unit="page" from="554" to="563"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b27">
<analytic>
<title level="a" type="main">Role-Based Access Control Models</title>
<author>
<persName>
<forename type="first">R</forename>
<forename type="middle">S</forename>
<surname>Sandhu</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">E</forename>
<forename type="middle">J</forename>
<surname>Coyne</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">H</forename>
<forename type="middle">L</forename>
<surname>Feinstein</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">C</forename>
<forename type="middle">E</forename>
<surname>Youman</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="j">IEEE Computer</title>
<imprint>
<biblScope unit="volume">29</biblScope>
<biblScope unit="page" from="38" to="47"></biblScope>
<date type="published" when="1995"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b28">
<analytic>
<title level="a" type="main">Separation of Duty in Role-Based Environments</title>
<author>
<persName>
<forename type="first">R</forename>
<forename type="middle">T</forename>
<surname>Simon</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<forename type="middle">E</forename>
<surname>Zurko</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of 10th IEEE Computer Security Foundations Workshop</title>
<meeting>10th IEEE Computer Security Foundations Workshop
<address>
<addrLine>Rockport, MD</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="1997"></date>
<biblScope unit="page" from="183" to="194"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b29">
<analytic>
<title level="a" type="main">Functionality-Based Application Confinement: Parameterised Hierarchical Application Restrictions</title>
<author>
<persName>
<forename type="first">Z</forename>
<forename type="middle">C</forename>
<surname>Schreuders</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">C</forename>
<surname>Payne</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of SECRYPT 2008: International Conference on Security and Cryptography</title>
<meeting>SECRYPT 2008: International Conference on Security and Cryptography
<address>
<addrLine>Porto</addrLine>
</address>
</meeting>
<imprint>
<publisher>INSTICC Press</publisher>
<date type="published" when="2008"></date>
<biblScope unit="page" from="72" to="77"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b30">
<analytic>
<title level="a" type="main">Proposed NIST Standard for Role-Based Access Control</title>
<author>
<persName>
<forename type="first">D</forename>
<forename type="middle">F</forename>
<surname>Ferraiolo</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Sandhu</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<surname>Gavrila</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<forename type="middle">R</forename>
<surname>Kuhn</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">R</forename>
<surname>Chandramouli</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="j">ACM Transactions on Information and System Security</title>
<imprint>
<biblScope unit="volume">4</biblScope>
<biblScope unit="page" from="224" to="274"></biblScope>
<date type="published" when="2001"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b31">
<analytic>
<title level="a" type="main">MAPbox: Using Parameterized Behavior Classes to Confine Applications</title>
<author>
<persName>
<forename type="first">A</forename>
<surname>Acharya</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">M</forename>
<surname>Raje</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 2000 USENIX Security Symposium</title>
<meeting>the 2000 USENIX Security Symposium
<address>
<addrLine>Denver, CO, USA</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="2000"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b32">
<analytic>
<title level="a" type="main">Requirements of role-based access control for collaborative systems</title>
<author>
<persName>
<forename type="first">T</forename>
<surname>Jaeger</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">A</forename>
<surname>Prakash</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the first ACM Workshop on Role-based access control</title>
<meeting>the first ACM Workshop on Role-based access control
<address>
<addrLine>Gaithersburg</addrLine>
</address>
</meeting>
<imprint>
<publisher>ACM Press</publisher>
<date type="published" when="1996"></date>
<biblScope unit="page">16</biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b33">
<analytic>
<title level="a" type="main">Support for discretionary role based access control in ACL-oriented operating systems</title>
<author>
<persName>
<forename type="first">C</forename>
<surname>Friberg</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">A</forename>
<surname>Held</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the second ACM workshop on Role-based access control</title>
<meeting>the second ACM workshop on Role-based access control
<address>
<addrLine>Fairfax</addrLine>
</address>
</meeting>
<imprint>
<publisher>ACM Press</publisher>
<date type="published" when="1997"></date>
<biblScope unit="page" from="83" to="94"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b34">
<analytic>
<title level="a" type="main">Inheritance Properties of Role Hierarchies</title>
<author>
<persName>
<forename type="first">W</forename>
<forename type="middle">A</forename>
<surname>Jansen</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 21st National Information Systems Security Conference</title>
<meeting>the 21st National Information Systems Security Conference
<address>
<addrLine>Gaithersburg</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="1998"></date>
<biblScope unit="page" from="476" to="485"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b35">
<analytic>
<title level="a" type="main">Linux Security Module Framework</title>
<author>
<persName>
<forename type="first">C</forename>
<surname>Wright</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">C</forename>
<surname>Cowan</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<surname>Smalley</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">J</forename>
<surname>Morris</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">G</forename>
<surname>Kroah-Hartman</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Ottawa Linux Symposium Ottawa, Canada</title>
<imprint>
<date type="published" when="2002"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b36">
<analytic>
<title level="a" type="main">Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools</title>
<author>
<persName>
<forename type="first">T</forename>
<surname>Garfinkel</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the 10th Network and Distributed System Security Symposium</title>
<meeting>the 10th Network and Distributed System Security Symposium
<address>
<addrLine>San Diego</addrLine>
</address>
</meeting>
<imprint>
<date type="published" when="2003"></date>
<biblScope unit="page" from="163" to="176"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b37">
<analytic>
<title level="a" type="main">Pastures: Towards Usable Security Policy Engineering</title>
<author>
<persName>
<forename type="first">S</forename>
<surname>Bratus</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">A</forename>
<surname>Ferguson</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">D</forename>
<surname>Mcilroy</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">S</forename>
<surname>Smith</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Proceedings of the Second International Conference on Availability, Reliability and Security</title>
<meeting>the Second International Conference on Availability, Reliability and Security</meeting>
<imprint>
<date type="published" when="2007"></date>
<biblScope unit="page" from="1052" to="1059"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b38">
<analytic>
<title></title>
</analytic>
<monogr>
<title level="j">Tresys: SELinux Reference Policy</title>
<imprint>
<date type="published" when="2008"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b39">
<analytic>
<title level="a" type="main">Towards a manageable Linux security Behavior-based Confinement of Untrusted Applications</title>
<author>
<persName>
<forename type="first">T</forename>
<surname>Harada</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">T</forename>
<surname>Horie</surname>
</persName>
</author>
<author>
<persName>
<forename type="first">K</forename>
<surname>Tanaka</surname>
</persName>
</author>
</analytic>
<monogr>
<title level="m">Linux Conference 2005 (Japanese)</title>
<imprint>
<date type="published" when="1999"></date>
</imprint>
</monogr>
</biblStruct>
</listBibl>
</back>
</text>
</istex:refBibTEI>
</enrichments>
</istex>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/OperaV1/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000487 | SxmlIndent | more

Ou

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 000487 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Musique
   |area=    OperaV1
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:503590810F7C5026FEB103D1B693C994C15E6AE9
   |texte=   Reusability of Functionality-Based Application Confinement Policy Abstractions
}}

Wicri

This area was generated with Dilib version V0.6.21.
Data generation: Thu Apr 14 14:59:05 2016. Site generation: Thu Oct 8 06:48:41 2020