A further note on the confinement problem

“Confinement”, in computer systems, is the ability to limit the amount of damage that can be done by malicious or malfunctioning software. Confinement is a requirement whenever either security or safety is a concern. The authors demonstrate why the access control mechanisms of common operating systems do not constitute a confinement mechanism. They describe the early confinement mechanism mandated by the Trusted Computer System Evaluation Criteria and note its shortcomings. They summarize prior attempts to overcome those shortcomings. They describe an alternative confinement mechanism called “type enforcement”, which was invented by the authors in 1984 and subsequently implemented in several secure computers. They show how type enforcement overcomes the limitations of the early mechanisms and outline its uses, with special emphasis on the way in which the type enforcement mechanism supports assurance and safety. They conclude by describing the application of type enforcement to the problem of confining the actions of “mobile agents”, which are active agents downloaded to client machines from servers.
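The following Python toy, added here as an illustration and not code from the paper or from any type enforcement implementation (LOCK, SAT, DTE for UNIX, SELinux), models the contrast the abstract draws. Under discretionary access control a program inherits every right of the user who runs it, so a Trojan horse can copy a secret into a file the attacker can read. Under type enforcement a program runs in a domain whose rights over each object type are fixed in a Domain Definition Table (DDT), with domain changes limited to the entry points listed in a Domain Interaction Table (DIT); the block checks the tables for a write/read channel between two domains, directly and through intermediate domains. The users (alice, mallory), domains (user_d, mailer_d, other_d), types and table entries are constructed for the example.

```python
"""Toy model: why DAC does not confine a Trojan horse while type enforcement
(TE) can.  Added illustration, not code from the Boebert/Kain paper or from
any real TE system.  All users, domains, types and table entries are
constructed for the example."""
from collections import deque
from dataclasses import dataclass


# --- Discretionary access control: Unix-style owner/other bits (groups omitted)
@dataclass(frozen=True)
class DacFile:
    owner: str
    mode: str  # nine characters in rwxrwxrwx order


def dac_allows(user: str, f: DacFile, op: str) -> bool:
    bits = f.mode[0:3] if user == f.owner else f.mode[6:9]
    return (op == "read" and bits[0] == "r") or (op == "write" and bits[1] == "w")


def trojan_leaks_under_dac(user: str, secret: DacFile, dropbox: DacFile, thief: str) -> bool:
    """A Trojan horse runs with ALL of `user`'s rights: if the user can read the
    secret and write a file the thief can read, so can any program the user runs."""
    return (dac_allows(user, secret, "read")
            and dac_allows(user, dropbox, "write")
            and dac_allows(thief, dropbox, "read"))


# --- Type enforcement: subjects run in domains, objects carry types.  The DDT
# fixes which domain may do what to which type; a process cannot change its
# own domain, and the DIT lists the only transitions (via entry points).
DDT = {
    ("user_d", "user_t"): {"read", "write"},   # alice's files, secret included
    ("user_d", "mail_t"): {"write"},           # outgoing mail: user_d may only write it
    ("mailer_d", "mail_t"): {"read"},
    ("mailer_d", "spool_t"): {"write"},        # only the audited mailer writes spool_t
    ("other_d", "spool_t"): {"read"},          # what mallory's programs may read
    ("other_d", "other_t"): {"read", "write"},
}
DIT = {"user_d": {"mailer_d"}}  # user_d may enter mailer_d only via its entry point


def te_allows(ddt, domain, obj_type, op) -> bool:
    return op in ddt.get((domain, obj_type), set())


def can_transition(dit, src, dst) -> bool:
    return dst in dit.get(src, set())


def direct_flow(ddt, src, dst) -> bool:
    """Is there a type that src may write and dst may read?  If not, no program
    in src, Trojan or otherwise, can hand data straight to dst."""
    types = {t for (_, t) in ddt}
    return any(te_allows(ddt, src, t, "write") and te_allows(ddt, dst, t, "read")
               for t in types)


def flow_path(ddt, src, dst):
    """BFS over domains along write-type-read edges; returns the chain of
    domains data must pass through to get from src to dst, or None."""
    domains = {d for (d, _) in ddt}
    types = {t for (_, t) in ddt}
    prev = {src: None}
    queue = deque([src])
    while queue:
        d = queue.popleft()
        if d == dst:
            path, cur = [], d
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for t in types:
            if not te_allows(ddt, d, t, "write"):
                continue
            for nxt in domains:
                if nxt not in prev and te_allows(ddt, nxt, t, "read"):
                    prev[nxt] = d
                    queue.append(nxt)
    return None


def with_grant(ddt, domain, obj_type, ops):
    """Copy of ddt with one extra entry, to show how a single careless grant
    re-opens the channel the table had closed."""
    new = {k: set(v) for k, v in ddt.items()}
    new.setdefault((domain, obj_type), set()).update(ops)
    return new


if __name__ == "__main__":
    secret = DacFile("alice", "rw-------")
    dropbox = DacFile("alice", "rw-r--r--")
    print("DAC leak possible:", trojan_leaks_under_dac("alice", secret, dropbox, "mallory"))
    print("TE direct channel user_d->other_d:", direct_flow(DDT, "user_d", "other_d"))
    print("TE only path:", flow_path(DDT, "user_d", "other_d"))
    sloppy = with_grant(DDT, "user_d", "spool_t", {"write"})
    print("after granting user_d write on spool_t:", direct_flow(sloppy, "user_d", "other_d"))
```

The point of `flow_path` is that the only route from the user's domain to mallory's passes through `mailer_d`, so the Trojan can leak only what the audited mailer chooses to copy from `mail_t` to `spool_t`; confinement becomes a property of one small, reviewable program plus the tables, rather than of every program the user might run. The `with_grant` call shows the check a policy reviewer wants: one extra DDT entry is enough to restore the direct channel.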
