{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T04:14:28Z","timestamp":1773375268083,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,6,25]],"date-time":"2014-06-25T00:00:00Z","timestamp":1403654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,6,25]]},"DOI":"10.1145\/2613087.2613111","type":"proceedings-article","created":{"date-parts":[[2014,7,1]],"date-time":"2014-07-01T14:23:03Z","timestamp":1404224583000},"page":"211-222","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Policy models to protect resource retrieval"],"prefix":"10.1145","author":[{"given":"Hayawardh","family":"Vijayakumar","sequence":"first","affiliation":[{"name":"The Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyang","family":"Ge","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,6,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"'98: Proceedings of the Third ACM Workshop on Role-based Access Control","author":"RBAC","year":"1998","unstructured":"RBAC '98: Proceedings of the Third ACM Workshop on Role-based Access Control , New York, NY, USA , 1998 . ACM. Chairman-Youman, Charles and Chairman-Jaeger, Trent. RBAC '98: Proceedings of the Third ACM Workshop on Role-based Access Control, New York, NY, USA, 1998. ACM. Chairman-Youman, Charles and Chairman-Jaeger, Trent."},{"key":"e_1_3_2_1_2_1","volume-title":"http:\/\/docs.sun.com\/app\/docs\/doc\/819--7312","year":"2008","unstructured":"Solaris Trusted Extensions Developer's Guide. http:\/\/docs.sun.com\/app\/docs\/doc\/819--7312 , 2008 . Solaris Trusted Extensions Developer's Guide. http:\/\/docs.sun.com\/app\/docs\/doc\/819--7312, 2008."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 9th USENIX Security Symposium","author":"Acharya A.","year":"2000","unstructured":"A. Acharya and M. Raje . MAPbox: Using parameterized behavior classes to confine untrusted applications . In Proceedings of the 9th USENIX Security Symposium , August 2000 . A. Acharya and M. Raje. MAPbox: Using parameterized behavior classes to confine untrusted applications. In Proceedings of the 9th USENIX Security Symposium, August 2000."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_5_1","volume-title":"USENIX TC '95","author":"Berman A.","year":"1995","unstructured":"A. Berman : Process-specific file protection for the UNIX operating system . In USENIX TC '95 , 1995 . A. Berman et al. TRON: Process-specific file protection for the UNIX operating system. In USENIX TC '95, 1995."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501979"},{"issue":"2","key":"e_1_3_2_1_8_1","first-page":"131","article-title":"Checking for race conditions in file accesses","volume":"2","author":"Bishop M.","year":"1996","unstructured":"M. Bishop , M. Dilger , Checking for race conditions in file accesses . Computing systems , 2 ( 2 ): 131 -- 152 , 1996 . M. Bishop, M. Dilger, et al. Checking for race conditions in file accesses. Computing systems, 2(2):131--152, 1996.","journal-title":"Computing systems"},{"key":"e_1_3_2_1_9_1","unstructured":"BitBlaze. BitBlaze binary analysis project. http:\/\/bitblaze.cs.berkeley.edu 2014.  BitBlaze. BitBlaze binary analysis project. http:\/\/bitblaze.cs.berkeley.edu 2014."},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security '06","author":"Borisov N.","year":"2005","unstructured":"N. Borisov Fixing races for fun and profit: How to abuse atime . In USENIX Security '06 , 2005 . N. Borisov et al. Fixing races for fun and profit: How to abuse atime. In USENIX Security '06, 2005."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.10"},{"key":"e_1_3_2_1_13_1","volume-title":"NDSS","author":"Chari S.","year":"2010","unstructured":"S. Chari , S. Halevi , and W. Venema . Where do you want to go today? escalating privileges by pathname manipulation . In NDSS , 2010 . S. Chari, S. Halevi, and W. Venema. Where do you want to go today? escalating privileges by pathname manipulation. In NDSS, 2010."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_15_1","first-page":"165","volume-title":"USENIX Security Symposium","author":"Cowan C.","year":"2001","unstructured":"C. Cowan , S. Beattie , C. Wright , and G. Kroah-Hartman . Raceguard: Kernel protection from temporary file race vulnerabilities . In USENIX Security Symposium , pages 165 -- 176 , 2001 . C. Cowan, S. Beattie, C. Wright, and G. Kroah-Hartman. Raceguard: Kernel protection from temporary file race vulnerabilities. In USENIX Security Symposium, pages 165--176, 2001."},{"key":"e_1_3_2_1_16_1","unstructured":"CWE. CWE-426: Untrusted Search Path. http:\/\/cwe.mitre.org\/data\/definitions\/426.html.  CWE. CWE-426: Untrusted Search Path. http:\/\/cwe.mitre.org\/data\/definitions\/426.html."},{"key":"e_1_3_2_1_17_1","unstructured":"CWE. CWE-59: Improper Link Resolution Before File Access. http:\/\/cwe.mitre.org\/data\/definitions\/59.html.  CWE. CWE-59: Improper Link Resolution Before File Access. http:\/\/cwe.mitre.org\/data\/definitions\/59.html."},{"key":"e_1_3_2_1_18_1","first-page":"195","volume-title":"USENIX Security Symposium","author":"Dean D.","year":"2004","unstructured":"D. Dean and A. J. Hu . Fixing races for fun and profit: How to use access (2) . In USENIX Security Symposium , pages 195 -- 206 , 2004 . D. Dean and A. J. Hu. Fixing races for fun and profit: How to use access (2). In USENIX Security Symposium, pages 195--206, 2004."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/365230.365252"},{"key":"e_1_3_2_1_21_1","unstructured":"Domain Names - Implementation and Specification. http:\/\/http:\/\/www.ietf.org\/rfc\/rfc1035.txt.  Domain Names - Implementation and Specification. http:\/\/http:\/\/www.ietf.org\/rfc\/rfc1035.txt."},{"key":"e_1_3_2_1_22_1","first-page":"1","volume-title":"OSDI","volume":"10","author":"Enck W.","year":"2010","unstructured":"W. Enck , P. Gilbert , B.-G. Chun , L. P. Cox , J. Jung , P. McDaniel , and A. Sheth . Taintdroid: An information- ow tracking system for realtime privacy monitoring on smartphones . In OSDI , volume 10 , pages 1 -- 6 , 2010 . W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information- ow tracking system for realtime privacy monitoring on smartphones. In OSDI, volume 10, pages 1--6, 2010."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/882494.884406"},{"key":"e_1_3_2_1_24_1","unstructured":"Mandatory Access Control - FreeBSD. http:\/\/www.freebsd.org\/handbook\/mac.html.  Mandatory Access Control - FreeBSD. http:\/\/www.freebsd.org\/handbook\/mac.html."},{"key":"e_1_3_2_1_25_1","volume-title":"NDSS '04","author":"Garfinkel T.","year":"2004","unstructured":"T. Garfinkel : A delegating architecture for secure system call interposition . In NDSS '04 , 2004 . T. Garfinkel et al. Ostia: A delegating architecture for secure system call interposition. In NDSS '04, 2004."},{"key":"e_1_3_2_1_26_1","volume-title":"USENIX Security '96","year":"1996","unstructured":"Goldberg A secure environment for untrusted helper applications . In USENIX Security '96 , 1996 . Goldberg et al. A secure environment for untrusted helper applications. In USENIX Security '96, 1996."},{"key":"e_1_3_2_1_27_1","volume-title":"Implementing protection domains in the java development kit 1.2","author":"Gong L.","year":"1988","unstructured":"L. Gong , R. Schemers , and S. Microsystems . Implementing protection domains in the java development kit 1.2 , 1988 . L. Gong, R. Schemers, and S. Microsystems. Implementing protection domains in the java development kit 1.2, 1988."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.30"},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Annual Technical Conference","author":"Hicks B.","year":"2007","unstructured":"B. Hicks , S. Rueda , T. Jaeger , and P. McDaniel . From trusted to secure: building and executing applications that enforce system security . In USENIX Annual Technical Conference , June 2007 . B. Hicks, S. Rueda, T. Jaeger, and P. McDaniel. From trusted to secure: building and executing applications that enforce system security. In USENIX Annual Technical Conference, June 2007."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of Workshop on Advanced Developments in Software and Systems Security","author":"Howard M.","year":"2003","unstructured":"M. Howard , J. Pincus , and J. Wing . Measuring Relative Attack Surfaces . In Proceedings of Workshop on Advanced Developments in Software and Systems Security , December 2003 . M. Howard, J. Pincus, and J. Wing. Measuring Relative Attack Surfaces. In Proceedings of Workshop on Advanced Developments in Software and Systems Security, December 2003."},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Jaeger T.","year":"2003","unstructured":"T. Jaeger , R. Sailer , and X. Zhang . Analyzing integrity protection in the SELinux example policy . In Proceedings of the 12th USENIX Security Symposium , Aug. 2003 . T. Jaeger, R. Sailer, and X. Zhang. Analyzing integrity protection in the SELinux example policy. In Proceedings of the 12th USENIX Security Symposium, Aug. 2003."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.1"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294293"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"},{"key":"e_1_3_2_1_36_1","volume-title":"Capability-based Computer Systems","author":"Levy H. M.","year":"1984","unstructured":"H. M. Levy . Capability-based Computer Systems . Digital Press , 1984 . Available at http:\/\/www.cs.washington.edu\/homes\/levy\/capabook\/. H. M. Levy. Capability-based Computer Systems. Digital Press, 1984. Available at http:\/\/www.cs.washington.edu\/homes\/levy\/capabook\/."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/356678.356682"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/1247360.1247404"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the (First) USENIX Security Workshop","author":"McIlroy D.","year":"1988","unstructured":"D. McIlroy and J. Reeds . Multilevel windows on a single-level terminal . In Proceedings of the (First) USENIX Security Workshop , Aug. 1988 . D. McIlroy and J. Reeds. Multilevel windows on a single-level terminal. In Proceedings of the (First) USENIX Security Workshop, Aug. 1988."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.133.0230"},{"key":"e_1_3_2_1_41_1","unstructured":"MSDN. Mandatory Integrity Control (Windows). http:\/\/msdn.microsoft.com\/en-us\/library\/bb648648%28VS.85%29.aspx.  MSDN. Mandatory Integrity Control (Windows). http:\/\/msdn.microsoft.com\/en-us\/library\/bb648648%28VS.85%29.aspx."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/268998.266669"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/90417.90741"},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the 2005 Network and Distributed System Security Symposium","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. X. Song . Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software . In Proceedings of the 2005 Network and Distributed System Security Symposium , 2005 . J. Newsome and D. X. Song. Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software. In Proceedings of the 2005 Network and Distributed System Security Symposium, 2005."},{"key":"e_1_3_2_1_47_1","volume-title":"http:\/\/www.novell.com\/linux\/security\/apparmor\/","year":"2008","unstructured":"AppArmor Linux application security. http:\/\/www.novell.com\/linux\/security\/apparmor\/ , 2008 . AppArmor Linux application security. http:\/\/www.novell.com\/linux\/security\/apparmor\/, 2008."},{"key":"e_1_3_2_1_48_1","unstructured":"Security-enhanced linux targeted policy. http:\/\/www.centos.org\/docs\/5\/html\/Deployment_ Guide-en-US\/rhlcommon-chapter-0001.html.  Security-enhanced linux targeted policy. http:\/\/www.centos.org\/docs\/5\/html\/Deployment_ Guide-en-US\/rhlcommon-chapter-0001.html."},{"key":"e_1_3_2_1_49_1","volume-title":"http:\/\/www.openwall.com\/","year":"2008","unstructured":"OpenWall Project - Information security software for open environments. http:\/\/www.openwall.com\/ , 2008 . OpenWall Project - Information security software for open environments. http:\/\/www.openwall.com\/, 2008."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30541-5_68"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507722"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_3_2_1_53_1","volume-title":"ISSSE","author":"Pu C.","year":"2006","unstructured":"C. Pu and J. Wei . A Methodical Defense against TOCTTOU Attacks: The EDGI Approach . In ISSSE , 2006 . C. Pu and J. Wei. A Methodical Defense against TOCTTOU Attacks: The EDGI Approach. In ISSSE, 2006."},{"key":"e_1_3_2_1_54_1","volume-title":"Int. J. Inf. Sec.","author":"K.","year":"2005","unstructured":"K. suk Lhee and S. J. Chapin. Detection of file-based race conditions . Int. J. Inf. Sec. , 2005 . K. suk Lhee and S. J. Chapin. Detection of file-based race conditions. Int. J. Inf. Sec., 2005."},{"key":"e_1_3_2_1_55_1","volume-title":"http:\/\/oss.tresys.com\/projects\/refpolicy","year":"2008","unstructured":"Reference Policy. http:\/\/oss.tresys.com\/projects\/refpolicy , 2008 . Reference Policy. http:\/\/oss.tresys.com\/projects\/refpolicy, 2008."},{"key":"e_1_3_2_1_56_1","first-page":"1","volume-title":"FAST","volume":"8","author":"Tsafrir D.","year":"2008","unstructured":"D. Tsafrir , T. Hertz , D. Wagner , and D. Da Silva . Portably solving file tocttou races with hardness amplification . In FAST , volume 8 , pages 1 -- 18 , 2008 . D. Tsafrir, T. Hertz, D. Wagner, and D. Da Silva. Portably solving file tocttou races with hardness amplification. In FAST, volume 8, pages 1--18, 2008."},{"key":"e_1_3_2_1_57_1","first-page":"243","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Tsyrklevich E.","year":"2003","unstructured":"E. Tsyrklevich and B. Yee . Dynamic detection and prevention of race conditions in file accesses . In Proceedings of the 12th USENIX Security Symposium , pages 243 -- 255 , 2003 . E. Tsyrklevich and B. Yee. Dynamic detection and prevention of race conditions in file accesses. In Proceedings of the 12th USENIX Security Symposium, pages 243--255, 2003."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066758"},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the Third Annual Security Enhanced Linux Symposium","author":"Vance C.","year":"2007","unstructured":"C. Vance , T. Miller , R. Dekelbaum , and A. Reisse . Security-enhanced darwin: Porting selinux to mac osx . In Proceedings of the Third Annual Security Enhanced Linux Symposium , Baltimore, MD, USA , 2007 . C. Vance, T. Miller, R. Dekelbaum, and A. Reisse. Security-enhanced darwin: Porting selinux to mac osx. In Proceedings of the Third Annual Security Enhanced Linux Symposium, Baltimore, MD, USA, 2007."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414500"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2465351.2465358"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363520"},{"key":"e_1_3_2_1_63_1","volume-title":"Proceedings of the 19th USENIX Security Symposium","author":"Watson R.","year":"2010","unstructured":"R. Watson , J. Anderson , and B. Laurie . Capsicum: practical capabilities for UNIX . In Proceedings of the 19th USENIX Security Symposium , 2010 . R. Watson, J. Anderson, and B. Laurie. Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium, 2010."},{"key":"e_1_3_2_1_64_1","first-page":"15","volume-title":"Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference","author":"Watson R. N. M.","year":"2001","unstructured":"R. N. M. Watson . TrustedBSD : Adding trusted operating system features to FreeBSD . In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference , pages 15 -- 28 , 2001 . R. N. M. Watson. TrustedBSD: Adding trusted operating system features to FreeBSD. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pages 15--28, 2001."},{"key":"e_1_3_2_1_65_1","volume-title":"IEEE International Symp. on Secure Software Engineering (ISSSE)","author":"Wei J.","year":"2006","unstructured":"J. Wei A methodical defense against TOCTTOU attacks: the EDGI approach . In IEEE International Symp. on Secure Software Engineering (ISSSE) , 2006 . J. Wei et al. A methodical defense against TOCTTOU attacks: the EDGI approach. In IEEE International Symp. on Secure Software Engineering (ISSSE), 2006."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/1478559.1478574"},{"key":"e_1_3_2_1_67_1","first-page":"17","volume-title":"Proceedings of the 11th USENIX Security Symposium","author":"Wright C.","year":"2002","unstructured":"C. Wright , C. Cowan , S. Smalley , J. Morris , and G. Kroah-Hartman . Linux Security Modules: General security support for the Linux kernel . In Proceedings of the 11th USENIX Security Symposium , pages 17 -- 31 , August 2002 . C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux Security Modules: General security support for the Linux kernel. In Proceedings of the 11th USENIX Security Symposium, pages 17--31, August 2002."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_1_69_1","volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Zeldovich N.","year":"2006","unstructured":"N. Zeldovich , S. Boyd-Wickizer , E. Kohler , and D. Mazi\u00e9res . Making information ow explicit in HiStar . In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI) , November 2006 . N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazi\u00e9res. Making information ow explicit in HiStar. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), November 2006."}],"event":{"name":"SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies","location":"London Ontario Canada","acronym":"SACMAT '14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM symposium on Access control models and technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2613087.2613111","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2613087.2613111","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:57Z","timestamp":1750229757000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2613087.2613111"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,6,25]]},"references-count":68,"alternative-id":["10.1145\/2613087.2613111","10.1145\/2613087"],"URL":"https:\/\/doi.org\/10.1145\/2613087.2613111","relation":{},"subject":[],"published":{"date-parts":[[2014,6,25]]},"assertion":[{"value":"2014-06-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}