The GNU Hurd's design was motivated by a desire to rectify a number of observed shortcomings in Unix. Foremost among these is that many policies that limit users exist simply as remnants of the design of the system's mechanisms and their implementation. To increase extensibility and integration, the Hurd adopts an object-based architecture and defines interfaces, in particular those for the composition of and access to name spaces, that are virtualizable. This paper is first a presentation of the Hurd's design goals and a characterization of its architecture primarily as it represents a departure from Unix's. We then critique the architecture and assess it in terms of the user environment of today focusing on security. Then follows an evaluation of Mach, the microkernel on which the Hurd is built, emphasizing the design constraints which Mach imposes as well as a number of deficiencies its design presents for multi-server like systems.

A number of security mechanisms are available for improving the security of systems by restricting the actions of individual programs to activities that are authorised. However, configuring these systems to enforce end users' own security goals is often beyond their expertise. Little research has investigated the usability issues associated with application-oriented access controls. This paper presents the results of a qualitative analysis of user perceptions of the usability of three application-oriented security systems: SELinux, AppArmor, and FBAC-LSM. Qualitative analysis identified a number of factors that affect the usability of application-restriction mechanisms. These themes are used to compare the usability of the three systems studied, and it is proposed that these factors can be used to inform the design of new systems and development of existing ones. Changes to the three security systems are also proposed to address or mitigate specific usability issues that were identified.

In this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today's centralised OSNs, but it does not trust centralised infrastructure to enforce security properties.

Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users' interactions with OSNs, providing real control over online sharing. I also demonstrate that today's OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks.

Footlights' storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform. The Footlights application platform allows third-party developers to write social applications without direct access to users' private data. Applications run in a confined environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform. The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. The protocol is designed to be secure even in the face of malicious authentication agents.