Communications of the ACM
A hardware architecture for implementing protection rings
The Logical Design of Operating Systems
ACM SIGOPS Operating Systems Review
Cooperation of mutually suspicious subsystems in a computer utility
Removing the dynamic linker from the security kernel of a computing utility
The multics system: an examination of its structure
Timesharing system design concepts (McGraw-Hill computer science series)
Operating systems
Engineering a security kernel for Multics
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
As part of an effort to engineer a security kernel for Multics, the dynamic linker has been removed from the domain of the security kernel. The resulting implementation of the dynamic linking function requires minimal security kernel support and is consistent with the principle of least privilege. In the course of the project, the dynamic linker was found to implement not only a linking function, but also an environment initialization function for executing procedures. This report presents an analysis of dynamic linking and environment initialization in a multi-domain process, isolating three sets of functions requiring different sets of access privileges. A design based on this decomposition of the dynamic linking and environment initialization functions is presented.