A Retrospective on the VAX VMM Security Kernel

The development of a virtual-machine monitor (VMM) security kernel for the VAX architecture is described. The focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual machines on a single VAX system, providing isolation and controlled sharing of sensitive data. Rigorous engineering standards were applied during development to comply with the assurance requirements for verification and configuration management. The VAX security kernel has been developed with a heavy emphasis on performance and system management tools. The kernel performs sufficiently well that much of its development was carried out in virtual machines running on the kernel itself, rather than in a conventional time-sharing system.