Security kernels

Authors:
Steven B. Lipner;William A. Wulf;Roger R. Schell;Gerald J. Popek;Peter G. Neumann;Clark Weissman;Theodore A. Linden
Affiliations:
The Mitre Corporation;Carnegie-Mellon University;United States Air Force;University of California;SRI Computer Science Group;System Development Corporation;-
Venue:
AFIPS '74 Proceedings of the May 6-10, 1974, national computer conference and exposition
Year:
1974

Citing 13
Cited 1

An Assessment of Techniques for Proving Program Correctness

ACM Computing Surveys (CSUR)
Protection and the control of information sharing in multics

Communications of the ACM
A technique for software module specification with examples

Communications of the ACM
On the criteria to be used in decomposing systems into modules

Communications of the ACM
Programming semantics for multiprogrammed computations

Communications of the ACM
Reasoning about programs

POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Implications of a virtual memory mechanism for implementing protection in a family of operating systems

Implications of a virtual memory mechanism for implementing protection in a family of operating systems
Protection in programmed systems.

Protection in programmed systems.
Privacy and Protection in Operating Systems

Computer
Dynamic protection structures

AFIPS '69 (Fall) Proceedings of the November 18-20, 1969, fall joint computer conference
A summary of progress toward proving program correctness

AFIPS '72 (Fall, part I) Proceedings of the December 5-7, 1972, fall joint computer conference, part I
C.mmp: a multi-mini-processor

AFIPS '72 (Fall, part II) Proceedings of the December 5-7, 1972, fall joint computer conference, part II
Verifiable secure operating system software

AFIPS '74 Proceedings of the May 6-10, 1974, national computer conference and exposition

A security policy for a profile-oriented operating system

AFIPS '81 Proceedings of the May 4-7, 1981, national computer conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent experience in computer security has illustrated the susceptibility of numerous operating systems to hostile penetration. Successful penetrations have been directed at manufacturers' conventional operating systems as well as special "secure" versions that have been the subjects of exhaustive efforts to find and fix all potential security problems. While formal reports are understandably hard to come by, it appears that the effort required to "break" any operating system and obtain access to any information it stores (at any time and without detection) is in the range two to four man-months. In contrast, the effort expended in futile attempts to prevent such penetration may be as much as two orders of magnitude greater (several man-years or more).