Analysis of three multilevel security architectures

Authors:
Timothy E. Levin;Cynthia E. Irvine;Clark Weissman;Thuy D. Nguyen
Affiliations:
Naval Postgraduate School, Monterey, CA;Naval Postgraduate School, Monterey, CA;Northrop Grumman Corp., El Segundo, CA;Naval Postgraduate School, Monterey, CA
Venue:
Proceedings of the 2007 ACM workshop on Computer security architecture
Year:
2007

Citing 12
Cited 4

Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
A lattice model of secure information flow

Communications of the ACM
Protection in operating systems

Communications of the ACM
A hardware architecture for implementing protection rings

Communications of the ACM
A note on the confinement problem

Communications of the ACM
Introduction to Discrete Structures for Computer Science and Engineering

Introduction to Discrete Structures for Computer Science and Engineering
Verification of a Formal Security Model for Multiapplicative Smart Cards

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Design and verification of secure systems

SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Lattice Scheduling and Covert Channels

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Multi-Layered Approach to Security in High Assurance Systems

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
Security Kernel Design and Implementation: An Introduction

Computer
Scomp: A Solution to the Multilevel Security Problem

Computer

A security architecture for transient trust

Proceedings of the 2nd ACM workshop on Computer security architectures
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Idea: Trusted Emergency Management

ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Various system architectures have been proposed for high assurance enforcement of multilevel security. This paper provides an analysis of the relative merits of three architectural types -- one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege separation kernel. We introduce the Least Privilege architecture, which incorporates security features from the recent "Separation Kernel Protection Profile," and show how it can provide several unique aspects of security and assurance, although each architecture has advantages.