DCE security programming
Object-oriented software construction (2nd ed.)
Object-oriented software construction (2nd ed.)
Building a high-performance, programmable secure coprocessor
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Runtime verification of authorization hook placement for the linux security modules framework
Proceedings of the 9th ACM conference on Computer and communications security
Lessons Learned in Implementing and Deploying Crypto Software
Proceedings of the 11th USENIX Security Symposium
Specifying and Verifying Hardware for Tamper-Resistant Software
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
Privacy management for portable recording devices
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Cryptography as an operating system service: A case study
ACM Transactions on Computer Systems (TOCS)
An open-source cryptographic coprocessor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Plug-and-play PKI: a PKI your mother can use
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Design and implementation of a parallel crypto server
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Hi-index | 0.00 |
Traditional security toolkits have concentrated mostly on defining a programming interface (API) and left the internals up to individual implementors. This paper presents a design for a portable, flexible security architecture based on traditional computer security models involving a security kernel which controls access to security-relevant objects and attributes based on a configurable security policy. Layered on top of the kernel are various objects which abstract core functionality such as encryption and digital signature capabilities, certificate management, and secure sessions and data enveloping (email encryption) in a manner which allows them to be easily moved into cryptographic devices such as smart cards and crypto accelerators for extra performance or security. The versatility of the design has been proven through its use in implementations ranging from from 16-bit microcontrollers through to supercomputers, as well as a number of unusual areas such as security modules in ATM's.