Notes on application-orientated access control

Abstract

The protection qualities of discretionary access control systems realised by today's prevalent operating systems are based on an assessment of the trustworthiness of users. By starting a program a user transfers his trustworthiness to it, i.e., there is the tacit assumption that the program's trustworthiness at least matches that of the user. However, malicious programs are a growing source of threat. They perform operations without the user's consent and often in contravention of his interests. To eliminate this danger we examine program-orientated protection strategies. We then present, firstly, a small enhancement to the operating system and, secondly, an addition to the operating system, which support both a user and an application with high security demands in the enforcement of authenticity and integrity even in the presence of malicious programs.