In both secure and safety-critical systems it is desirable to have a very clear relationship between the system's mandatory security policy and its proven operational semantics. This relationship is clearer if the system architecture strongly separates the enforcement mechanisms from the policy decisions, and if the policy-decision software is clearly identifiable in the system's architecture. This paper describes a prototype Unix system based on Mach that provides mandatory control over all kernel-supported operations. The prototype modifies the Mach kernel by extending its limited existing control mechanism, the Mach port right. The extensions allow a mandatory control policy to govern not only access to an object via a port right but also each individual service the object supports. The mandatory security policy is implemented in an external Security Server, which gives very strong separation between the policy-enforcement and policy-decision software. As a result, a wide range of security policies can be supported with no change to the kernel or to applications.
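The following is an added example illustrating the two points the abstract makes: that possession of a port right alone is too coarse, so each kernel-supported service on an object must be decided separately, and that keeping the decision behind a narrow interface lets the policy be swapped without touching the enforcement code. It is a toy model written for this page, not code from the paper, from Mach or from any Security Server; every name (`kernel_invoke`, `mls_decide`, `te_decide`, the labels, subjects and objects) is hypothetical, and the sample subjects and objects are constructed inline.

```c
/* Added example, not code from the paper or from Mach. All names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Individual kernel-supported services on an object, as a bit set. */
enum service {
    SVC_READ    = 1u << 0,
    SVC_WRITE   = 1u << 1,
    SVC_DESTROY = 1u << 2
};

/* Hypothetical security label attached to every subject and object.
 * Each policy below reads only the field it cares about. */
struct label {
    unsigned    level;  /* sensitivity level, used by the MLS policy */
    const char *type;   /* domain/type name, used by the type-enforcement policy */
};

struct subject { const char *name; struct label lab; unsigned held_rights; };
struct object  { const char *name; struct label lab; unsigned id; };

/* Policy decision interface: the only thing the enforcement code knows about
 * the policy. Returns true if `svc` on `obj` is permitted to `subj`. */
typedef bool (*policy_decide_fn)(const struct label *subj,
                                 const struct label *obj,
                                 enum service svc);

/* Enforcement ("kernel side"). Two checks, in order:
 *  1. does the subject hold a port right for the object?  (capability check)
 *  2. does the policy permit this particular service?     (per-service control)
 * Nothing here changes when the policy changes. */
static bool kernel_invoke(const struct subject *s, const struct object *o,
                          enum service svc, policy_decide_fn decide)
{
    bool has_right = (s->held_rights >> o->id) & 1u; /* rights bitmask, indexed by object id */
    if (!has_right)
        return false;                               /* no right: never reaches the policy */
    return decide(&s->lab, &o->lab, svc);
}

/* Policy A: lattice/MLS style. Read needs subject level >= object level (no read
 * up); write needs subject level <= object level (no write down); destroy is a write. */
static bool mls_decide(const struct label *s, const struct label *o, enum service svc)
{
    switch (svc) {
    case SVC_READ:    return s->level >= o->level;
    case SVC_WRITE:
    case SVC_DESTROY: return s->level <= o->level;
    }
    return false;
}

/* Policy B: type enforcement. A table of (subject type, object type, allowed services),
 * default deny when no row matches. */
struct te_rule { const char *stype; const char *otype; unsigned allowed; };
static const struct te_rule te_rules[] = {
    { "editor_d", "doc_t", SVC_READ | SVC_WRITE },
    { "viewer_d", "doc_t", SVC_READ },
    { "admin_d",  "doc_t", SVC_READ | SVC_WRITE | SVC_DESTROY },
};

static bool te_decide(const struct label *s, const struct label *o, enum service svc)
{
    for (size_t i = 0; i < sizeof te_rules / sizeof te_rules[0]; i++)
        if (strcmp(te_rules[i].stype, s->type) == 0 &&
            strcmp(te_rules[i].otype, o->type) == 0)
            return (te_rules[i].allowed & svc) != 0;
    return false;
}

/* Constructed sample data: two objects, two subjects. */
static const struct object  doc_secret = { "secret.txt", { 2, "doc_t" }, 0 };
static const struct object  doc_public = { "public.txt", { 1, "doc_t" }, 1 };
static const struct subject editor = { "editor", { 2, "editor_d" }, 0x3 }; /* rights to ids 0 and 1 */
static const struct subject viewer = { "viewer", { 1, "viewer_d" }, 0x1 }; /* right to id 0 only */

int main(void)
{
    const struct { const struct subject *s; const struct object *o; enum service svc; const char *what; } reqs[] = {
        { &editor, &doc_public, SVC_READ,    "read"    },
        { &editor, &doc_public, SVC_WRITE,   "write"   },
        { &viewer, &doc_secret, SVC_READ,    "read"    },
        { &viewer, &doc_public, SVC_READ,    "read"    },
        { &editor, &doc_secret, SVC_DESTROY, "destroy" },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-6s %-7s %-10s  MLS:%s  TE:%s\n", reqs[i].s->name, reqs[i].what, reqs[i].o->name,
               kernel_invoke(reqs[i].s, reqs[i].o, reqs[i].svc, mls_decide) ? "allow" : "deny",
               kernel_invoke(reqs[i].s, reqs[i].o, reqs[i].svc, te_decide)  ? "allow" : "deny");
    return 0;
}
```

The same `kernel_invoke` is driven by both policies; only the function pointer passed in differs, which is the separation the abstract describes. Note the ordering: a subject that holds no port right is refused before any policy is consulted, while a subject that does hold the right is still subject to a per-service decision, so the port right alone grants nothing beyond the ability to ask.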