Flexible access control using IPC redirection

Trent Jaeger, Kevin Elphinstone, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park

Research output: Contribution to conferencePaperpeer-review

12 Scopus citations


We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at user-level, so IPC is the only means of communication between them. Thus, the system must be able to mediate IPCs to enforce its access control policy. Such mediation must enable enforcement of security policy with as little performance overhead as possible, but current mechanisms either: (1) place significant access control functionality in the kernel which increases IPC cost or (2) are static and require more IPCs than necessary to enforce access control. We define an IPC redirection mechanism that makes two improvements: (1) it removes the management of redirection policy from the kernel, so access control enforcement can be implemented outside the kernel and (2) it separates the notion of who controls the redirection policy from the redirections themselves, so redirections can be configured arbitrarily and dynamically. In this paper, we define our redirection mechanism, demonstrate its use, and examine possible, efficient implementations.

Original languageEnglish (US)
Number of pages6
StatePublished - Jan 1 1999
EventProceedings of the 1999 7th Workshop on Hot Topics in Operating Systems (HotOS-VII) - Rio Rico, AZ, USA
Duration: Mar 29 1999Mar 30 1999


ConferenceProceedings of the 1999 7th Workshop on Hot Topics in Operating Systems (HotOS-VII)
CityRio Rico, AZ, USA

All Science Journal Classification (ASJC) codes

  • General Computer Science


Dive into the research topics of 'Flexible access control using IPC redirection'. Together they form a unique fingerprint.

Cite this