T. Shinagawa, K. Kono, and T. Masuda (Japan)
Executable Content, Security, Operating System, Finegrained Protection Domain
Executable content poses a threat of unauthorized access
because it contains program code running on the user's
machine. Protecting against executable content is difficult
because of the inevitable flaws in the implementation of
protection mechanisms. This paper introduces a hierarchi
cal protection model to tolerate flaws in protection mecha
nisms. This model improves both the granularity and the
robustness of protection mechanisms by nesting two pro
tection domains: a level-1 protection domain to provide
fine-grained access control on executable content, and a
level-2 protection domain to act as a fail-safe mechanism.
We achieved an efficient implementation of the hierarchical
protection model that incorporated the fine-grained protec
tion domains proposed in our previous paper.