Least Privilege in Separation Kernels

Authors

  • Timothy E. Levin
  • Cynthia E. Irvine
  • Thuy D. Nguyen
Abstract

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.

Related papers

A Least Privilege Model for Static Separation Kernels

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We ...

Specification of Authorisation Services

This document describes MAFTIA authorisation services and how they will be implemented in the MAFTIA architecture. The authorisation services implement a fine grain protection, i.e., capable of protecting each object method invocation, in order to satisfy as much as possible the least privilege principle and to obtain the best protection efficacy. The authorisation schemes are flexible and rich...

Implementing privilege separation in the Condor system

In this paper we discuss, in some depth, our restricted implementation of privilege separation for the Condor system ([1], [2]) (in the Linux environment), and, in addition, we describe our proposed architecture for communication between privilege-separated daemons in the Condor system. This architecture, if adopted, would allow each daemon to conform to the principle of least privilege, thus signi...

A Quantitative Evaluation of Privilege Separation in Web Browser Designs

Privilege separation is a fundamental security concept that has been used in designing many secure systems. A number of recent works propose redesigning web browsers with greater privilege separation for better security. In practice, however, privilege-separated designs require a fine balance between security benefits and other competing concerns, such as performance. In fact, performance overh...

A Java Operating System as the Foundation of a Secure Network Operating System

Errors in the design and implementation of operating system kernels and system programs lead to security problems that very often cause a complete breakdown of all security mechanisms of the system. We present the architecture of the JX operating system, which avoids two categories of these errors. First, there are implementation errors, such as buffer overflows, dangling pointers, and memory l...

Publication date: 2006