Authorizing Applications in Singularity

  • Daniel R. Simon ,
  • Aydan Yumerefendi ,
  • Ted Wobber ,
  • Martin Abadi ,
  • Andrew Birrell

Proceedings of the 2007 Eurosys Conference |

Published by Association for Computing Machinery, Inc.

We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation of our design and its performance in the context of this operating system.