|
Abstract : |
Abstract?This paper describes the implementation of the OKE, which allows users other than root to load native and fully optimised code in the Linux kernel. Safety is guaranteed by trust management, language customisation and a trusted compiler. By coupling trust management with the compiler, the OKE is able to vary the level of restrictions on the code running in the kernel, depending on the programmer?s privileges. Static sandboxing is used as much as possible to check adherence to the security policies at compile time. I., |
