Security policies in Nizza on top of L4.sec

Declaration

I declare to have written this work independently and without using unmentioned sources.

Declaration (German text, translated)

I hereby declare that I have produced this work independently and have used no aids other than those specified.

Task formulation

Within the scope of the diploma thesis, the management of different security policies on top of the microkernel L4.sec has to be evaluated. The resulting work will be part of a Trusted Computing Base software which is under development; therefore, it has to be compatible with this software. The following problems are of particular interest for the exploration: How can a capability-based system be designed so that it supports all imaginable security policies? In such a system, how can users and resources be mapped to names and identities of the platform? The work has to include a prototypical implementation, as well as an evaluation of the design regarding complexity and generality.

Acknowledgment

First and foremost, I want to thank my supervisor Christian Helmuth, who helped me by answering a lot of questions, by finding design weaknesses and by giving me the freedom to develop my own ideas. Thanks go to Norman Feske for his tireless work on Bastei and the support he gave me. Furthermore, I am thankful to Marcus Völp for discussions about different policy models, and to Thomas Kriegelstein, who gave me hints on existing theoretical work. The practical part of my work would not exist without the patient answers of Christian Oschwald to my C++ questions. Also, I would like to thank Sandro Merbd and the Conni e.V., who inspired the scenario in the design part. Finally, I want to thank Hermann Härtig for facilitating the whole work by establishing a research group with such a creative and pleasant working atmosphere.
