Abstract
Powerful applications can be implemented using command scripts. A command script is a program written by one user, called a writer, and made available to another user, called the reader, who executes the script. For instance, command scripts could be used by Mosaic, the popular World-wide Web browsing tool, to provide fancy interfaces to services, such as banking, shopping, etc. However, the use of command scripts presents a serious security problem. A command script is run with the reader's access rights, so a writer can use a command script to gain unauthorized access to the reader's data and applications. Existing solutions to the problem either severely restrict I/O capability of scripts, limiting the range of applications that can be supported, or permit all I/O to scripts, potentially compromising the security of the reader's data. We define a discretionary access control model that permits users to flexibly limit the access rights of the processes that execute a command script. We use this model in a prototype system that safely executes command scripts available from Mosaic.
Original language | English (US) |
---|---|
Pages (from-to) | 70-84 |
Number of pages | 15 |
Journal | Proceedings of the Computer Security Foundations Workshop |
State | Published - 1995 |
Event | Proceedings of the 8th IEEE Computer Security Foundations Workshop - County Kerry, Irel Duration: Jun 13 1995 → Jun 15 1995 |
All Science Journal Classification (ASJC) codes
- Software