This paper describes a research project to engineer a security kernel for Multics, a general-purpose, remotely accessed, multiuser computer system. The goals are to identify the minimum mechanism that must be correct to guarantee computer enforcement of desired constraints on information access, to simplify the structure of that minimum mechanism to make verification of correctness by auditing possible, and to demonstrate by test implementation that the security kernel so developed is capable of supporting the functionality of Multics completely and efficiently. The paper presents the overall viewpoint and plan for the project and discusses initial strategies being employed to define and structure the security kernel.