HP Polaris (computer security)
- HP Polaris (computer security)
Polaris is a Microsoft Windows system for running application software with limited authority.
Configuring an application to run under Polaris is known as "polarizing" it. This creates a "pet", an instance of the application which is isolated from other pets. A pet starts off without the authority to access any of the user's files, but Polaris grants it rights to access individual files as a result of actions the user takes:
* Opening a file using the pet grants it the right to read and write the file. (File extensions can be associated with a pet.)
* Polaris intercepts the pet's use of the Windows file chooser dialog box so that it acts as a Powerbox. This means that when the user chooses a file in a File dialog opened by the pet, the system grants the pet access to that file.
This design is partly based on CapDesk.
Polaris takes its name from POLA, the Principle of least authority.
Polaris was developed at HP Labs. As of July 2008, it has not been publicly released. At some point there were plans to put Polaris on consumer PCs that HP ships [http://www.eros-os.org/pipermail/cap-talk/2005-November/004168.html] , although the current status of these plans is not clear.
Implementation
Polaris launches applications under restricted user accounts, using Windows APIs that create a process with given logon credentials (sometimes known as 'RunAs'). Recent versions also run processes in separate "jobs" to provide a stronger level of isolation.
Polaris does not grant applications the right to access a file by modifying the file's access control list (ACL). Instead, it copies the file into the user account that the application runs under. Polaris sets up a synchronizer so that if the application modifies its copy of the file, Polaris copies it back to the original. This has the advantage that the application's authority to change the file is revoked when the synchronizer is stopped.
Polaris must prevent the Shatter attack on Windows in order to be secure.
ee also
* CapDesk
* Bitfrost
External links
* [http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html Tech Report: Polaris: Virus Safe Computing for Windows XP]
* [http://www.hpl.hp.com/personal/Alan_Karp/polaris.pdf Polaris: Toward Virus Safe Computing for Windows XP] , an earlier version of the same paper
Wikimedia Foundation.
2010.
Look at other dictionaries:
Polaris (comics) — Superherobox| caption=Polaris. Art by Billy Tan. character name=Polaris alter ego=Lorna Dane species=Human Mutant and Human Mutate (cyborg) publisher=Marvel Comics debut= The X Men #49 (October, 1968) creators=Arnold Drake Don Heck Werner Roth… … Wikipedia
List of computer technology code names — Following is a list of code names that have been used to identify computer hardware and software products while in development. In some cases, the code name became the completed product s name, but most of these code names are no longer used once … Wikipedia
Bitfrost — Infobox Software name = Bitfrost caption = developer = Ivan Krstić latest release version = latest release date = operating system = Linux genre = Privacy, Antivirus license = GNU General Public License website = Bitfrost is the security design… … Wikipedia
Plash — infobox software name = Plash latest release version = 1.19 Anxious Albert latest release date = release date|2008|05|05 programming language = C, Python operating system = Linux license = GNU Lesser General Public License website =… … Wikipedia
CapDesk — is a desktop environment that rigorously applies the Principle of least authority, in order to provide security for the user when running applications.Under CapDesk, applications are run with minimal authority, so that an application does not… … Wikipedia
Marc Stiegler — Contents 1 Bibliography 1.1 Books 1.2 Collection 1.3 Anthologies containing storie … Wikipedia
FLOPS — Computer performance Name FLOPS yottaFLOPS 1024 zettaFLOPS 1021 exaFLOPS 1018 petaFLOPS 1015 teraFLOPS 1012 gigaFLOPS 109 megaFLOPS 106 kiloFLOPS … Wikipedia
Lawrence Livermore National Laboratory — Infobox Laboratory name = Lawrence Livermore National Laboratory motto = Science in the national interest established = 1952 by the University of California director = George H. Miller city = Livermore, California budget = US$1.6 billion type =… … Wikipedia
international relations — a branch of political science dealing with the relations between nations. [1970 75] * * * Study of the relations of states with each other and with international organizations and certain subnational entities (e.g., bureaucracies and political… … Universalium
Stars and planetary systems in fiction — The planetary systems of stars other than the Sun and the Solar System are a staple element in much science fiction. Contents 1 Overview 1.1 The brightest stars … Wikipedia
