Support for the file system security requirements of computational e-mail systems

Trent Jaeger, Atul Prakash

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations


Computational e-mail systems, which allow mail messages to contain command scripts that automatically execute upon receipt, can be used as a basis for building a variety of collaborative applications. However, their use also presents a serious security problem because a command script from a sender may access/modify receiver's private files or execute applications on receiver's behalf. Existing solutions to the problem either severely restrict I/O capability of scripts, limiting the range of applications that can be supported over computational e-mail, or permit all I/O to scripts, potentially compromising the security of the receiver's files. Our model, called the intersection model of security, permits I/O for e-mail from trusted senders but without compromising the security of private files. We describe two implementations of our security model: an interpreter-level implementation and an operating systems-level implementation. We discuss the tradeoffs between the two implementations and suggest directions for future work.

Original languageEnglish (US)
Title of host publicationProceedings of the 2nd ACM Conference on Computer and Communications Security, CCS 1994
PublisherAssociation for Computing Machinery
Number of pages9
ISBN (Electronic)0897917324
StatePublished - Nov 2 1994
Event2nd ACM Conference on Computer and Communications Security, CCS 1994 - Fairfax, United States
Duration: Nov 2 1994Nov 4 1994

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other2nd ACM Conference on Computer and Communications Security, CCS 1994
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this