ACM Transactions on Information and System Security (TISSEC)
A lattice model of secure information flow
Communications of the ACM
Protection in operating systems
Communications of the ACM
A hardware architecture for implementing protection rings
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Introduction to Discrete Structures for Computer Science and Engineering
Introduction to Discrete Structures for Computer Science and Engineering
Verification of a Formal Security Model for Multiapplicative Smart Cards
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Lattice Scheduling and Covert Channels
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Multi-Layered Approach to Security in High Assurance Systems
HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
A security architecture for transient trust
Proceedings of the 2nd ACM workshop on Computer security architectures
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Idea: Trusted Emergency Management
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Hi-index | 0.00 |
Various system architectures have been proposed for high assurance enforcement of multilevel security. This paper provides an analysis of the relative merits of three architectural types -- one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege separation kernel. We introduce the Least Privilege architecture, which incorporates security features from the recent "Separation Kernel Protection Profile," and show how it can provide several unique aspects of security and assurance, although each architecture has advantages.