A security retrofit of VMl370

The VM/370 Security Retrofit Program is a continuing research and development initiative, funded by the Defense Advanced Research Projects Agency (DARPA), with additional funding provided by the Canadian Department of N ational Defense. The program's primary goal is the security retrofit of a popular commercial operating system, VM/370. 1 Two approaches were originally planned: (1) the design of a feasible, formally verified security kernel to VM/370 and (2) a "hardening" effort to repair known VM/370 penetration weaknesses. It was subsequently decided not to proceed with the VM/370 hardening task because of the uncertainty of the end result: correction of known security flaws does not guarantee the absence of exploitable, but not yet detected, security flaws in the hardened system. In the first year of the research program, the feasibility of adding a security kernel to VM/370 was studied and a kernel design for the system was produced. The retrofitted system is called K VM/370 (for Kernelized VM/370). The security enforcement mechanism, the kernel, must implement a reference monitor2 that enforces a security policy. A security kernel is a reference monitor that: