Protection and the control of information sharing in multics
Communications of the ACM
A user authentication scheme not requiring secrecy in the computer
Communications of the ACM
A high security log-in procedure
Communications of the ACM
A hardware architecture for implementing protection rings
Communications of the ACM
A note on the confinement problem
Communications of the ACM
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Concepts and Conditions for Confinement
Concepts and Conditions for Confinement
| Hi-index | 0.00 |
As part of the general goal of providing secure computer systems, the design of verifiably secure operating systems is one of the most important tasks. This paper addresses the problem by defining security in terms of a model and proposing a set of principles which should be satisfied. Four key operating system partitions are identified: user interface functions, user invoked services, background services, and the security kernel. Principles are then defined to insure that interface functions provide a safe initial environment for executing user programs, user called services are confined, background services have no access to user information, and the security kernel adequately protects stored information.