论文信息 - Least Privilege in Separation Kernels

Least Privilege in Separation Kernels

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.

Cynthia E. Irvine | Timothy E. Levin | Thuy D. Nguyen

[1] Franco P. Preparata,et al. Introduction to Discrete Structures for Computer Science and Engineering , 1973 .

[2] John M. Boone,et al. INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[3] Cynthia E. Irvine,et al. High robustness requirements in a Common Criteria protection profile , 2006, Fourth IEEE International Workshop on Information Assurance (IWIA'06).

[4] Benedict G. E. Wiedemann. Protection? , 1998, Science.

[5] Richard A. Kemmerer. A Practical Approach to Identifying Storage and Timing Channels , 1982, 1982 IEEE Symposium on Security and Privacy.

[6] Cynthia E. Irvine,et al. A Note on High Robustness Requirements for Separation Kernels , 2005 .

[7] Peter Loscocco,et al. Meeting Critical Security Objectives with Security-Enhanced Linux , 2001 .

[8] David P. Reed,et al. Synchronization with eventcounts and sequencers , 1979, CACM.

[9] John M. Rushby,et al. Design and verification of secure systems , 1981, SOSP.

[10] C.E. Irvine,et al. The Trusted Computing Exemplar project , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[11] Jonathan K. Millen,et al. Covert Channel Capacity , 1987, 1987 IEEE Symposium on Security and Privacy.

[12] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.