Multilevel Security in the UNIX Tradition
نویسندگان
چکیده
The original UNIX system was designed to be small and intelligible, achieving power by generality rather than by a profusion of features. In this spirit we have designed and implemented IX, a multilevel-secure variant of the Bell Labs research system. IX aims at sound, practical security, suitable for privateand public-sector uses other than critical national-security applications. The major security features are: private paths for safe cooperation among privileged processes, structured management of privilege, and security labels to classify information for purposes of privacy and integrity. The labels of files and processes are checked at every system call that involves data flow and are adjusted dynamically to assure that labels on outputs reflect labels on inputs.
منابع مشابه
Formal verification of an extension of a secure, compatible UNIX file system
We specify and formally verify security properties of an extension of a UNIX file system. Extensions include a multi-level security model, ACLs, separate MAC and DAC administration, and others. The security properties we verified are: simple security and confinement as defined in the Bell and LaPadula security model [3, 4], the standard DAC policy for ACLs, and a security policy for the adminis...
متن کاملApplications for multilevel secure operating systems
Specification of a Muitics Security Kernel," ESD-TR-77-259. Vols. I-III, The MITRE Corporation, Bedford, Massachusetts. 12. Ames. S. R., J. K. Millen. "Interface Verification for A Security Ker-nel," INFOTECH State of the Art Report: System Reliability and Integrity. Vol. 2, INFOTECH International, pp. 1-22. 13. Popek, G. J., et al.. "UCLA Data Secure UNIX-A Securable OperatingSystem: S...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کاملThe Speci cation and Implementation of ` Commercial ' Security RequirementsIncluding
A framework for the speciication of security policies is proposed. It can used to formally specify conndentiality and integrity policies, the latter can be given in terms of Clark-Wilson style access triples. The framework extends the Clark-Wilson model in that it can be used to specify dynamic segregation of duty. For application systems where security is critical, a mul-tilevel security based...
متن کاملNon Interference: Past, Present and Future
Security is a crucial property of system behaviour. It generally requires some kind of control over the information ow among parts of the system. In order to analyze these possible ows it has been introduced the Non-Interference (NI) property 7]. In particular NI was introduced to detect all the possible ows from a group of users to another one. A lot of research has been done about NI in the f...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Softw., Pract. Exper.
دوره 22 شماره
صفحات -
تاریخ انتشار 1992