A Domain and Type Enforcement UNIX Prototype

Authors

  • Lee Badger
  • Daniel F. Sterne
  • David L. Sherman
  • Kenneth M. Walker
Abstract

UNIX system security today often relies on correct operation of numerous privileged subsystems and careful attention by expert system administrators. In the context of global and possibly hostile networks, these traditional UNIX weaknesses raise a legitimate question about whether UNIX systems are appropriate platforms for processing and safeguarding important information resources. Domain and Type Enforcement (DTE) is an access control technology for partitioning host operating systems such as UNIX into access control domains. Such partitioning has promise both to enforce organizational security policies that protect special classes of information and to generically strengthen operating systems against penetration attacks. This paper reviews the primary DTE concepts, discusses their application to IP networks and NFS, and then describes the design and implementation of a DTE UNIX prototype system.


Similar resources

Confining Root Programs with Domain and Type Enforcement

The pervasive use of the root privilege is a central problem for UNIX security because an attacker who subverts a single root program gains complete control over a computing system. Domain and type enforcement (DTE) is a strong, configurable operating system access control technology that can minimize the damage root programs can cause if subverted. DTE does this by preventing group...


A Comparison of Type Enforcement and Unix

Two security mechanisms are compared and contrasted based on their implementation of Clark and Wilson's concept of well-formed transactions.


Hardware Enforcement of Application Security Policies Using Tagged Memory

Computers are notoriously insecure, in part because application security policies do not map well onto traditional protection mechanisms such as Unix user accounts or hardware page tables. Recent work has shown that application policies can be expressed in terms of information flow restrictions and enforced in an OS kernel, providing a strong assurance of security. This paper shows that enforce...


Providing Policy Control Over Object Operations in a Mach-Based System

In both secure and safety-critical systems it is desirable to have a very clear relationship between the system’s mandatory security policy and its proven operational semantics. This relationship is made clearer if the system architecture provides strong separation between the enforcement mechanisms and the policy decisions, and if the policy decision software is clearly identifiable in the sys...


Enforcing Well-Formed and Partially-Formed Transactions for UNIX

While security is a critical component of information systems, at times it can be frustrating for end users. Security systems exist to minimise the risks of allowing users to access and modify data, but rarely do they consider the risks of not granting access. This paper describes an access control system which is optimistic, i.e. it assumes accesses are legitimate, and allows audit and recove...



Journal title:
  • Computing Systems

Volume 9  Issue 

Pages  -

Publication date 1995