New thinking about information technology security

This is the last of three related papers exploring how contemporary computer architecture affects security. It brings together the concepts introduced in the earlier papers and presents a generalized approach to protection, isolation, and access control. We call this approach the Generalized Trusted Computing Base. Based upon the 'divide and conquer' approach to achieving protection, understandability, and flexibility, the result is a more flexible solution than the rigid hierarchical organization identified in the Trusted Database Interpretation or the partitioning introduced in the Trusted Network Interpretation.
