This paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the THINK architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These tools are implemented in a policy-neutral way so as to guarantee their flexibility. Finally we validate our results by evaluating the flexibility of the protection provided on selected examples of dynamic modification of the protection policy.
[1]
B. Lampson,et al.
Protection 1
,
2022
.
[2]
Dr. Pierre Deransart,et al.
Prolog: The Standard
,
1996,
Springer Berlin Heidelberg.
[3]
Brian N. Bershad,et al.
Lightweight remote procedure call
,
1989,
TOCS.
[4]
Philip Zimmermann,et al.
PGP source code and internals
,
1995
.
[5]
Robert Wahbe,et al.
Efficient software-based fault isolation
,
1994,
SOSP '93.
[6]
Dawson R. Engler,et al.
Exokernel: an operating system architecture for application-level resource management
,
1995,
SOSP.
[7]
Julia L. Lawall,et al.
Proceedings of the 2002 Usenix Annual Technical Conference Think: a Software Framework for Component-based Operating System Kernels
,
2022
.
[8]
Yale N. Patt,et al.
Scheduling algorithms for modern disk drives
,
1994,
SIGMETRICS 1994.
[9]
Pierre Deransart,et al.
Prolog - the standard: reference manual
,
1996
.