Filters








199 Hits in 3.8 sec

Engineering a security kernel for Multics

Michael D. Schroeder
1975 Proceedings of the fifth symposium on Operating systems principles - SOSP '75  
This paper describes a research project to engineer a security kernel for Multics, a general-purpose, remotely accessed, multiuser computer system.  ...  The paper presents the overall viewpoint and plan for the project and discusses initial strategies being employed to define and structure the security kernel.  ...  Clark, A. Jones, and D. Redell.  ... 
doi:10.1145/800213.806518 dblp:conf/sosp/Schroeder75 fatcat:nbceukdiarhnxkojlzk5v2hcqm

Engineering a security kernel for Multics

Michael D. Schroeder
1975 ACM SIGOPS Operating Systems Review  
This paper describes a research project to engineer a security kernel for Multics, a general-purpose, remotely accessed, multiuser computer system.  ...  The paper presents the overall viewpoint and plan for the project and discusses initial strategies being employed to define and structure the security kernel.  ...  Clark, A. Jones, and D. Redell.  ... 
doi:10.1145/1067629.806518 fatcat:l7rwu3onirf75h7flcjhglppku

The Multics kernel design project

Michael D. Schroeder, David D. Clark, Jerome H. Saltzer
1977 ACM SIGOPS Operating Systems Review  
We describe a plan to create an auditable version of Multics. The engineering experiments of that plan are now complete.  ...  Type extension as a design discipline has been demonstrated feasible, even for the internal workings of an operating system, where many subtle intermodule dependencies were discovered and controlled.  ...  The Engineering studies for the Multics Kernel As suggested, one of the key parts of this project was a series of prototype implementations of simplifying ideas for the kernel.  ... 
doi:10.1145/1067625.806546 fatcat:fjiklkpy2vf5fgebsfortvk7te

The Multics kernel design project

Michael D. Schroeder, David D. Clark, Jerome H. Saltzer
1977 Proceedings of the sixth symposium on Operating systems principles - SOSP '77  
We describe a plan to create an auditable version of Multics. The engineering experiments of that plan are now complete.  ...  Type extension as a design discipline has been demonstrated feasible, even for the internal workings of an operating system, where many subtle intermodule dependencies were discovered and controlled.  ...  The Engineering studies for the Multics Kernel As suggested, one of the key parts of this project was a series of prototype implementations of simplifying ideas for the kernel.  ... 
doi:10.1145/800214.806546 dblp:conf/sosp/SchroederCS77 fatcat:2dwq3y5vqfgavlw3qxdnegbspi

Using Proven Reference Monitor Patterns for Security Evaluation

Mark Heckman, Roger Schell
2016 Information  
This paper explains how the TCSEC and its Trusted Network Interpretation (TNI) constitute a set of security patterns for large, complex and distributed systems and how those patterns have been repeatedly  ...  An associated systematic security engineering and evaluation methodology was codified as an engineering standard in the Trusted Computer System Evaluation Criteria (TCSEC).  ...  Acknowledgments: Roger Schell, one of the authors, was a member of the executive management of organizations, including Gemini Computers, Inc., and Aesec Corporation, participating in the design and delivery  ... 
doi:10.3390/info7020023 fatcat:frczzwdtvfbmvaf3gv4cu72quu

Dynamic linking and environment initialization in a multi-domain process

Philippe A. Janson
1975 Proceedings of the fifth symposium on Operating systems principles - SOSP '75  
As part of an effort to engineer a security kernel for Multics, the dynamic linker has been removed from the domain of the security kernel.  ...  The resulting implementation of the dynamic linking function requires minimal security kernel support and is consistent with the principle of least privilege.  ...  Thus, the two primary reasons for including a mechanism in the security kernel are absent.  ... 
doi:10.1145/800213.806520 dblp:conf/sosp/Janson75 fatcat:a6kpz2po2zag5ddjxxbsavif5q

AN INTERVIEW WITH

J. J. Barr
1973 Journal - American Water Works Association  
Lipner is a computer security pioneer with more than 40 years of experience as a researcher, development manager, and general manager in IT Security.  ...  He helped form and served on the Anderson Panel for the Air Force in the early 1970s (was MITRE's representative), oversaw path breaking computer security high assurance mathematical model work at MITRE  ...  And to get a high degree of assurance for that we felt that you had to have a lot less code than even in the Multics operating system kernel, or Multics operating system.  ... 
doi:10.1002/j.1551-8833.1973.tb01886.x fatcat:uvk4omcwcvfkxjbgaescecvo5m

Operating System Security

Trent Jaeger
2008 Synthesis Lectures on Information Security Privacy and Trust  
Glenn Faden is a Distinguished Engineer in the Solaris Security Technologies Group, and has worked at Sun for 19 years.  ...  He designed Sun's multilevel desktops based on Open Look, CDE, and GNOME; he holds a patent for the underlying X11 security policy.  ...  Secondly, the Multics project team represented university and industry researchers in addition to a variety of government and industry engineers.  ... 
doi:10.2200/s00126ed1v01y200808spt001 fatcat:o7qgtis6zffr3disdujoq4izaa

Editor's preface to the Bell-LaPadula model

Jonathan Millen
1996 Journal of Computer Security  
The Multics Interpretation [5] revised the rules to be a better match for the Multics kernel primitives,. and it added the discretionary security property as an axiom, which stated explicitly that current  ...  There was also a "Unified Exposition and Multics Interpretation".  ...  The Bell-LaPadula modelling style had considerable influence beyond its use for Secure Multics.  ... 
doi:10.3233/jcs-1996-42-306 fatcat:xxcf6gwwufe3dkzvepejg2ypcq

Bell–La Padula Model [chapter]

David Naccache, Friedrich L. Bauer, Ebru Celikel Cankaya, David Elliott Bell, Burt Kaliski, Anne Canteaut, CISSP Aaron Estes, Jonathan K. Millen, Berk Sunar, Bodo Möller, Burt Kaliski, Nary Subramanian (+38 others)
2011 Encyclopedia of Cryptography and Security  
Secure Operating System (KSOS) [11] , the Provably Secure Operating System (PSOS) [12] , the Kernelized Virtual Machine (KVM) [13] , and Multics [14] .  ...  For Multics (and by inheritance, for Unix), control of objects (segments in Multics, directories and files in Unix) is limited by access to the object's parent directory.  ... 
doi:10.1007/978-1-4419-5906-5_811 fatcat:g3kaqwzmpjetpovxffihymiahm

History of US Government Investments in Cybersecurity Research: A Personal Perspective

Carl E. Landwehr
2010 2010 IEEE Symposium on Security and Privacy  
Difficulties in accurately measuring the level of U.S. government research funding for cyber security are first described.  ...  The essay is written for the thirtieth anniversary meeting of the IEEE Symposium on Security and Privacy, held in May 2010.  ...  , and corrections, and for helpful conversations.  ... 
doi:10.1109/sp.2010.41 dblp:conf/sp/Landwehr10 fatcat:ytpufgvy45enji6jspettzrn5u

Perspectives on protection and security

Butler Lampson
2015 SOSP History Day 2015 on - SOSP '15  
1968 , NIST 1992 (Rushby 1981)  One way is a security kernel: apps are not in the TCB.  ...  Foundation: Isolation  A host isolates an execution environment  The basis for any security.  ...  In the real world, good security is a bank vault ▬ Hardly any computer systems have anything like this ▬ We only know how to make simple things secure  Access control doesn't work-40 years of experience  ... 
doi:10.1145/2830903.2830905 dblp:conf/sosp/Lampson15 fatcat:f3a7fr6wxrgcbpnuik4dwkxyqm

Engineering authority and trust in cyberspace

Ravi Sandhu
2000 Proceedings of the fifth ACM workshop on Role-based access control - RBAC '00  
No information leakage Lattices (Bell-LaPadula) Security kernel Security labels A s s u r a n c e 6 © Ravi Sandhu 2001 OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC) What?  ...  © Ravi Sandhu 2001 MODEL CUSTOMIZATION v Can formalize the administrative rules given earlier v For each simulation model designate a unique user to be the chief security administrator who is authorized  ... 
doi:10.1145/344287.344309 dblp:conf/rbac/Sandhu00 fatcat:rl7kp62aefdlbjvk5frvhqedae

Lessons from VAX/SVS for High Assurance VM Systems

Mary Ellen Zurko, Steve Lipner, Trent Jaeger
2012 IEEE Security and Privacy  
His early insights had a tremendous impact on the system.  ...  I n May 1990, "A VMM Security Kernel for the VAX Architecture" was lead paper and Best Paper Award winner at the IEEE Symposium on Security and Privacy. 1 " e Auditing Facility for a VMM Security Kernel  ...  Paul Karger and Steve Lipner were associated with the US Air Force Multics Guardian Project, 5 intended to modify Multics to incorporate a high-assurance security kernel, and with SCOMP (Secure Communications  ... 
doi:10.1109/msp.2012.87 fatcat:4pfygm5korg7rmdjywj2xw62wi

A VMM security kernel for the VAX architecture

P.A. Karger, M.E. Zurko, D.W. Bonin, A.H. Mason, C.E. Kahn
1990 Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy  
This paper describes the development of a virtual-machine monitor (VMM) security kernel for the VAX architecture.  ...  The VAX security kernel has been developed with a heavy emphasis on performance and on system management tools.  ...  The Multics Access Isolation Mechanism [36] was developed on Multics itself, but Multics with AIM was not a security kernel and only received a B2 rating.  ... 
doi:10.1109/risp.1990.63834 dblp:conf/sp/KargerZBMK90 fatcat:sxir3rrvlfehrea4atviaamyfa
« Previous Showing results 1 — 15 out of 199 results