{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:06:06Z","timestamp":1763967966577,"version":"3.41.0"},"reference-count":48,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2007,12,1]],"date-time":"2007-12-01T00:00:00Z","timestamp":1196467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Comput. Syst."],"published-print":{"date-parts":[[2007,12]]},"abstract":"<jats:p>Asbestos, a new operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced labels, including controls on interprocess communication and system-wide information flow. A new event process abstraction defines lightweight, isolated contexts within a single process, allowing one process to act on behalf of multiple users while preventing it from leaking any single user's data to others. A Web server demonstration application uses these primitives to isolate private user data. Since the untrusted workers that respond to client requests are constrained by labels, exploited workers cannot directly expose user data except as allowed by application policy. The server application requires 1.4 memory pages per user for up to 145,000 users and achieves connection rates similar to Apache, demonstrating that additional security can come at an acceptable cost.<\/jats:p>","DOI":"10.1145\/1314299.1314302","type":"journal-article","created":{"date-parts":[[2007,12,21]],"date-time":"2007-12-21T14:52:36Z","timestamp":1198248756000},"page":"11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["Labels and event processes in the Asbestos operating system"],"prefix":"10.1145","volume":"25","author":[{"given":"Steve","family":"Vandebogart","sequence":"first","affiliation":[{"name":"University of California, Los Angeles"}]},{"given":"Petros","family":"Efstathopoulos","sequence":"additional","affiliation":[{"name":"University of California, Los Angeles"}]},{"given":"Eddie","family":"Kohler","sequence":"additional","affiliation":[{"name":"University of California, Los Angeles"}]},{"given":"Maxwell","family":"Krohn","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology"}]},{"given":"Cliff","family":"Frey","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology"}]},{"given":"David","family":"Ziegler","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology"}]},{"given":"Frans","family":"Kaashoek","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology"}]},{"given":"Robert","family":"Morris","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology"}]},{"given":"David","family":"Mazi\u00e8res","sequence":"additional","affiliation":[{"name":"Stanford University"}]}],"member":"320","published-online":{"date-parts":[[2007,12]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Apache. The Apache HTTP Server Project. http:\/\/httpd.apache.org.  Apache. The Apache HTTP Server Project. http:\/\/httpd.apache.org."},{"key":"e_1_2_1_2_1","unstructured":"Apache API Notes. Apache API module notes: http:\/\/httpd.apache.org\/docs\/1.3\/misc\/API.html.  Apache API Notes. Apache API module notes: http:\/\/httpd.apache.org\/docs\/1.3\/misc\/API.html."},{"key":"e_1_2_1_3_1","article-title":"Secure computer system: Unified exposition and Multics interpretation","author":"Bell D. E.","year":"1976","journal-title":"Tech. Rep. MTR-2997, Rev. 1, MITRE Corp., Bedford, MA."},{"volume-title":"Proceedings of the 7th Annual Symposium on Computer Architecture (ISCA). 245--252","year":"1980","author":"Berstis V.","key":"e_1_2_1_4_1"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Branstad M.","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/42392.42400"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_2_1_9_1","unstructured":"Department of Defense. 1985. Trusted Computer System Evaluation Criteria (Orange Book). Department of Defense. DoD 5200.28-STD.  Department of Defense. 1985. Trusted Computer System Evaluation Criteria (Orange Book). Department of Defense. DoD 5200.28-STD."},{"volume-title":"Proceedings of the 1st International Conference on Mobile Systems, Applications, and Services (MOBISYS)","year":"2003","author":"Dunkels A.","key":"e_1_2_1_10_1"},{"volume-title":"Proceedings of the 20th ACM Symposium on Operating Systems Principles. Brighton, England. 10","author":"Efstathopoulos P.","key":"e_1_2_1_11_1"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","year":"2000","author":"Fraser T.","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the AFIPS National Computer Conference.","volume":"42","author":"Goldberg R. P.","year":"1973"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/54289.871709","article-title":"The confused deputy (or why capabilities might have been invented)","volume":"22","author":"Hardy N.","year":"1988","journal-title":"Operat. Syst. Rev."},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","year":"1991","author":"Hu W.-M.","key":"e_1_2_1_15_1"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317091"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","year":"1987","author":"Karger P. A.","key":"e_1_2_1_17_1"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Karger P. A.","key":"e_1_2_1_18_1"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Karger P. A.","key":"e_1_2_1_19_1"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"King S. T.","key":"e_1_2_1_21_1"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference","year":"2004","author":"Krohn M.","key":"e_1_2_1_22_1"},{"volume-title":"Proceedings of the 10th Hot Topics in Operating Systems Symposium (HotOS-X)","author":"Krohn M.","key":"e_1_2_1_23_1"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/356850.356852"},{"volume-title":"Feb. 25, 2005. http:\/\/news.com.com\/2102-1029_3-5587859","year":"2005","author":"Lemos R.","key":"e_1_2_1_25_1"},{"volume-title":"Proceedings of the 15th ACM Symposium on Operating Systems Principles. Copper Mountain Resort, CO. 10","year":"1995","author":"Liedtke J.","key":"e_1_2_1_26_1"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference---FREENIX Track. 29--40","author":"Loscocco P.","key":"e_1_2_1_27_1"},{"volume-title":"Proceedings of the Security Enhanced Linux Symposium","author":"MacMillan K.","key":"e_1_2_1_28_1"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"McCollum C. J.","key":"e_1_2_1_29_1"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380220805"},{"volume-title":"Proceedings of COMPCON","year":"1994","author":"Mitchell J. G.","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"volume-title":"March 17, 2005. http:\/\/www.news10","year":"2005","author":"News 0.","key":"e_1_2_1_33_1"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Pai V. S.","key":"e_1_2_1_34_1"},{"key":"e_1_2_1_35_1","first-page":"221","article-title":"Plan 9 from Bell","volume":"8","author":"Pike R.","year":"1995","journal-title":"Labs. Comput. Syst."},{"volume-title":"Proceedings of the 8th ACM Symposium on Operating Systems Principles","author":"Rashid R. F.","key":"e_1_2_1_36_1"},{"key":"e_1_2_1_37_1","first-page":"305","article-title":"CHORUS distributed operating system","volume":"1","author":"Rozier M.","year":"1988","journal-title":"Comput. Syst."},{"key":"e_1_2_1_38_1","doi-asserted-by":"crossref","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","article-title":"The protection of information in computer systems","volume":"63","author":"Saltzer J. H.","year":"1975","journal-title":"Proceedings of the IEEE"},{"volume-title":"Proceedings of Fast Software Encryption, Cambridge Security Workshop. Springer-Verlag, 191--204","year":"1993","author":"Schneier B.","key":"e_1_2_1_39_1"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.976938"},{"volume-title":"Proceedings of the 17th ACM Symposium on Operating Systems Principles","year":"1915","author":"Shapiro J. S.","key":"e_1_2_1_41_1"},{"key":"e_1_2_1_42_1","unstructured":"SQLite. http:\/\/www.sqlite.org. Version 3.2.1.  SQLite. http:\/\/www.sqlite.org. Version 3.2.1."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96281"},{"key":"e_1_2_1_44_1","first-page":"2006","article-title":"Major breach of UCLA\u2019s computer files","volume":"12","author":"Trounson R.","year":"2006","journal-title":"Los Angeles Times"},{"key":"e_1_2_1_45_1","first-page":"3","article-title":"VMware and the National Security Agency team to build advanced secure computer systems","volume":"9","author":"Mware","year":"2000","journal-title":"Tech Trend Notes"},{"volume-title":"Proceedings of the 19th ACM Symposium on Operating Systems Principles. Bolton Landing","author":"von Behren R.","key":"e_1_2_1_46_1"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Watson R.","key":"e_1_2_1_47_1"},{"volume-title":"Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI '02)","author":"Whitaker A.","key":"e_1_2_1_48_1"},{"volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI'06)","author":"Zeldovich N. B.","key":"e_1_2_1_49_1"}],"container-title":["ACM Transactions on Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1314299.1314302","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1314299.1314302","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T15:14:06Z","timestamp":1750259646000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1314299.1314302"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,12]]},"references-count":48,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2007,12]]}},"alternative-id":["10.1145\/1314299.1314302"],"URL":"https:\/\/doi.org\/10.1145\/1314299.1314302","relation":{},"ISSN":["0734-2071","1557-7333"],"issn-type":[{"type":"print","value":"0734-2071"},{"type":"electronic","value":"1557-7333"}],"subject":[],"published":{"date-parts":[[2007,12]]},"assertion":[{"value":"2007-12-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}