Computing Reviews
Empirically-based secure OS design
Weber S., Shostack A., Solworth J., Zurko M. NSPW 2017 (Proceedings of the 2017 New Security Paradigms Workshop, Santa Cruz, CA, Oct 1-4, 2017), 90-93. 2017. Type: Proceedings
Date Reviewed: Jun 13 2019

In this New Security Paradigms Workshop (NSPW) panel, four people discuss research methods and the actual meaning of a secure operating system (OS).

The panelists do not tackle this aspect as a purely academic exercise. In fact, they emphasize: “Every once in a while a disruptive event happens in which an opportunity for a new OS arises” (see, for example, the introduction of smartphones, or the Internet of Things (IoT)). Such events could be seen as failures of the secure OS design community to build more secure systems--“could we not have anticipated ... many of the security flaws of, for instance, Android, before they were inflicted on millions of users?”

Among the many discussion topics, one grabbed my attention. Although many OSs focus on providing security support for stability, how many provide security mechanisms to support user applications via application programming interfaces (APIs)? Usability is also a key point (being the usual tradeoff in security). How, then, can the same concepts of OS security be extended to browsers, which are overtaking their role as support platforms for user applications?

The panelists discuss how to apply empirical methods to OS design and point to further research, especially for security practitioners who are interested in future research directions.

Reviewer: Massimiliano Masi
Review #: CR146597 (1908-0311)
Security and Protection (D.4.6)
 