EROS: a fast capability system (2008)
Jonathan S. Shapiro, Jonathan M. Smith, David J. Farber
EROS is a capability-based operating system for commodity processors which uses a single level storage model. The single level store’s persistence is transparent to applications. The performance...
CPCMS: A Configuration Management System Based on Cryptographic Names (FREENIX Track, 2008)
Jonathan S. Shapiro, John Vanderburgh
CPCMS, the Cryptographically Protected Configuration Management System is a new configuration management system that provides scalability, disconnected commits, and fine-grain access controls. It...
HDTrans: An Open Source, Low-Level Dynamic Instrumentation System (2008)
Swaroop Sridhar, Jonathan S. Shapiro, Eric Northup
Dynamic translation is a general purpose tool used for instrumenting programs at run time. Performance of translated execution relies on balancing the cost of translation against the benefits of any...
Network Subsystems Reloaded: A High-Performance, Defensible Network Subsystem (2008)
Anshumal Sinha, Sandeep Sarat, Jonathan S. Shapiro
Traditionally, operating systems have used monolithic network stack implementations: implementations where the whole network stack executes in the kernel or (in microkernels) in a single, trusted,...
Constructing a Language for Security and Safe Execution (2007)
Sam Weber, Jonathan S. Shapiro
The introduction of Web applets and servlets has sparked interest in security at the language level. Users want applets to be able to read and write local information, and also to be able to access...
Jonathan S. Shapiro, David J. Farber, Jonathan M. Smith
EROS is a persistent operating system targeted towards managing resources with great longevity. The system provides a persistent single-level store supporting two fundamental object types: nodes and...
Hdtrans: A low-overhead dynamic translator (2005)
Swaroop Sridhar, Jonathan S. Shapiro, Prashanth P. Bungale
Dynamic translation is a general purpose tool used for instrumenting programs at run time. Many current translators perform substantial rewriting during translation in an attempt to reduce execution...
Supervisor-Mode Virtualization for x86 in VDebug (2004)
Prashanth P. Bungale, Swaroop Sridhar, Jonathan S. Shapiro
Machine virtualization techniques offer many ways to improve both debugging and performance analysis facilities available to kernel developers. A minimal hardware interposition, exposing as much as...
Low-Complexity Dynamic Translation in VDebug (2004)
Prashanth P. Bungale, Swaroop Sridhar, Jonathan S. Shapiro
Machine-level dynamic binary translation has been used in applications ranging from debugging, performance analysis, and security policy enforcement to full machine virtualization. Most...
Network Subsystems Reloaded: A High-Performance, Defensible Network Subsystem (2004)
Anshumal Sinha, Sandeep Sarat, Jonathan S. Shapiro
Traditionally, operating systems have used monolithic network stack implementations: implementations where the whole network stack executes in the kernel or (in microkernels) in a single, trusted,...
Design of the EROS trusted window system (2004)
Jonathan S. Shapiro, John Vanderburgh, Eric Northup, David Chizmadia
Window systems are the primary mediator of user input and output in modern computing systems. As a result, they play a key role in the enforcement of security policies and the protection of sensitive...
The structure of authority: Why security is not a separable concern (2004)
Mark S. Miller, Bill Tulloh, Jonathan S. Shapiro
Common programming practice grants excess authority for the sake of functionality; programming principles require least authority for the sake of security. If we practice our principles, we...
OpenCM: Early Experiences and Lessons Learned (2003)
Jonathan S. Shapiro, John Vanderburgh, Jack Lloyd
OpenCM is a configuration management system that supports inter-organizational collaboration, strong content integrity checks, and fine-grain access controls through the pervasive use of cryptographic...
Paradigm Regained: Abstraction Mechanisms for Access Control (2003)
Mark S. Miller, Jonathan S. Shapiro
Access control systems must be evaluated in part on how well they enable one to distribute the access rights needed for cooperation, while simultaneously limiting the propagation of rights which...
Vulnerabilities in Synchronous IPC Designs (2003)
Recent advances in interprocess communication (IPC) performance have been exclusively based on thread-migrating IPC designs. Thread-migrating designs assume that IPC interactions are synchronous, and...
The Practical Application of a Decidable Access Model (2003)
While the safety of a number of access models has been formally established, few of these models are reflected in real systems. Most currently deployed commodity systems are based on access models...
Paradigm Regained: Abstraction Mechanisms for Access Control (2003)
Mark S. Miller, Jonathan S. Shapiro
Access control systems must be evaluated in part on how well they support the Principle of Least Authority (POLA), i.e., how well they enable the distribution of appropriate access rights...
Jonathan S. Shapiro, John Vanderburgh
OpenCM is a new configuration management system created to support high-assurance development in open-source projects. Because OpenCM is designed as an open source tool, robust replication support is...
CPCMS: A Configuration Management System Based on Cryptographic Names (2002)
Jonathan S. Shapiro, John Vanderburgh
CPCMS, the Cryptographically Protected Configuration Management System is a new configuration management system that provides scalability, disconnected commits, and fine-grain access controls. It...
EROS: A principle-driven operating system from the ground up (2002)
Design principles are highly advocated in software construction but are rarely systematically applied. The authors describe the principles on which they built an operating system from the ground up, and how those...
Design Evolution of the EROS Single-Level Store (2002)
Jonathan S. Shapiro, Jonathan Adams
File systems have (at least) two undesirable characteristics: both the addressing model and the consistency semantics differ from those of memory, leading to a change in programming model at the...
Verifying the EROS Confinement Mechanism (2000)
Jonathan S. Shapiro, Samuel Weber
Capability systems can be used to implement higher-level security policies including the *-property if a mechanism exists to ensure confinement. The implementation can be efficient if the...
EROS: a fast capability system (1999)
Jonathan S. Shapiro, Jonathan M. Smith, David J. Farber
EROS is a capability-based operating system for commodity processors which uses a single level storage model. The single level store's persistence is transparent to applications. The performance...
A Family of Securable Protection Systems (1998)
Jonathan S. Shapiro, Sam Weber
This paper describes Metagapé, a formally specified family of capability systems capable of restricting the transfer of both information and access rights. Previous work indicates that the...
Jonathan S. Shapiro, David J. Farber, Jonathan M. Smith
EROS, the Extremely Reliable Operating System, addresses the issues of reliability and security by combining two ideas from earlier systems: capabilities and a persistent single-level store....
The Measured Performance of a Fast Local IPC (1996)
Jonathan S. Shapiro, David J. Farber, Jonathan M. Smith
Protected application decomposition is limited by the performance of the local interprocess procedure call implementation. In this paper, we measure the performance of a new IPC implementation, and...
EROS: A Principle-Driven Operating System from the Ground Up
Design principles are one of the most advocated ideas in software construction, but they are rarely systematically applied. They are particularly critical in...
The KeyKOS® Nanokernel Architecture
Alan C. Bomberger, Norman Hardy, A. Peri Frantz, William S. Frantz, Charles R. Landau, ...
The KeyKOS nanokernel is a capability-based object-oriented operating system that has been in production use since 1983. Its original implementation was motivated by the need to provide security,...