An Augmented Capability Architecture to Support Lattice Security and Traceability of Access

@article{Karger1984AnAC,
  title={An Augmented Capability Architecture to Support Lattice Security and Traceability of Access},
  author={Paul A. Karger and A. J. Herbert},
  journal={1984 IEEE Symposium on Security and Privacy},
  year={1984},
  pages={2-2}
}
  • P. Karger, A. Herbert
  • Published 1 April 1984
  • Computer Science
  • 1984 IEEE Symposium on Security and Privacy
This paper describes a protection system that supports the confinement of access as required by non-discretionary access control models such as the Bell and LaPadula lattice model. The approach is to use capability-based protection at the lowest level for implementing confined domains, in support of access control lists for expressing security policies outside the security kernel. The implementation of such a system in the context of hardware support for capabilities is discussed. 
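As an added illustration (not code from the paper or its authors), the following Python model sketches the layering the abstract describes: a Bell-LaPadula lattice policy stated with ACL-style metadata outside the kernel, a reference monitor that mints capabilities only after the discretionary and mandatory checks both pass, and an audit trail that gives traceability of access. The `check_at_use` switch contrasts a classic capability design, where possession of a capability is sufficient and a capability copied into a lower-cleared domain leaks the data, with an augmented design that re-checks the holder's clearance when the capability is exercised. All class, function and label names and the sample object contents are assumptions constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Ordered sensitivity levels; categories form the second half of the lattice.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Lattice element: a sensitivity level plus a set of categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A >= B iff A's level is at least B's and A's categories contain B's.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class Subject:
    name: str
    clearance: Label


@dataclass
class Obj:
    name: str
    classification: Label
    data: List[str] = field(default_factory=list)
    acl: Set[str] = field(default_factory=set)   # discretionary: subjects allowed to ask


@dataclass(frozen=True)
class Capability:
    """Only ReferenceMonitor.mint() constructs these (unforgeable in the model)."""
    obj_name: str
    right: str          # "read" or "write"


class ReferenceMonitor:
    """Evaluates ACL + lattice policy, hands out capabilities, records every decision."""

    def __init__(self, check_at_use: bool) -> None:
        self.objects: Dict[str, Obj] = {}
        self.audit: List[Tuple[str, str, str, str]] = []   # (subject, object, right, outcome)
        self.check_at_use = check_at_use   # False = classic design, True = augmented design

    def add_object(self, obj: Obj) -> None:
        self.objects[obj.name] = obj

    def _lattice_allows(self, clearance: Label, obj: Obj, right: str) -> bool:
        if right == "read":     # simple security property: no read up
            return clearance.dominates(obj.classification)
        if right == "write":    # *-property: no write down
            return obj.classification.dominates(clearance)
        return False

    def mint(self, subj: Subject, obj_name: str, right: str) -> Optional[Capability]:
        """Discretionary (ACL) check, then mandatory (lattice) check, then audit."""
        obj = self.objects[obj_name]
        ok = subj.name in obj.acl and self._lattice_allows(subj.clearance, obj, right)
        self.audit.append((subj.name, obj_name, right, "granted" if ok else "denied"))
        return Capability(obj_name, right) if ok else None

    def _authorize_use(self, holder: Subject, cap: Capability) -> bool:
        obj = self.objects[cap.obj_name]
        # Classic design: possession alone authorizes the access.
        # Augmented design: the holder's own clearance is re-checked against the
        # lattice, so a capability copied into a lower domain is refused there.
        ok = (not self.check_at_use) or self._lattice_allows(holder.clearance, obj, cap.right)
        self.audit.append((holder.name, cap.obj_name, cap.right,
                           "used" if ok else "refused-at-use"))
        return ok

    def read(self, holder: Subject, cap: Capability) -> Optional[List[str]]:
        if cap.right != "read" or not self._authorize_use(holder, cap):
            return None
        return list(self.objects[cap.obj_name].data)

    def write(self, holder: Subject, cap: Capability, payload: str) -> bool:
        if cap.right != "write" or not self._authorize_use(holder, cap):
            return False
        self.objects[cap.obj_name].data.append(payload)
        return True


def leak_scenario(check_at_use: bool) -> Tuple[Optional[List[str]], List[Tuple[str, str, str, str]]]:
    """Constructed scenario: a Trojan horse in a high domain hands its read capability
    to a low domain. Returns what the low subject could read, plus the audit trail."""
    rm = ReferenceMonitor(check_at_use)
    rm.add_object(Obj("plans", Label("SECRET", frozenset({"NUCLEAR"})),
                      data=["launch window: 0400Z"], acl={"alice", "mallory"}))
    rm.add_object(Obj("bulletin", Label("UNCLASSIFIED"), acl={"alice", "mallory"}))
    alice = Subject("alice", Label("TOP_SECRET", frozenset({"NUCLEAR"})))
    mallory = Subject("mallory", Label("UNCLASSIFIED"))

    cap = rm.mint(alice, "plans", "read")                  # TOP_SECRET,{NUCLEAR} dominates SECRET,{NUCLEAR}
    assert cap is not None
    assert rm.mint(mallory, "plans", "read") is None       # read up: denied by simple security
    assert rm.mint(alice, "bulletin", "write") is None     # write down: denied by *-property
    assert rm.mint(mallory, "plans", "write") is not None  # blind write up is permitted by the lattice
    # The Trojan horse copies alice's capability into mallory's domain and uses it there.
    leaked = rm.read(mallory, cap)
    return leaked, rm.audit
```

Run `leak_scenario(False)` and `leak_scenario(True)` side by side: the classic design returns the SECRET contents to the UNCLASSIFIED subject and the audit trail only shows a successful "used" record, while the augmented design returns nothing and records a "refused-at-use" entry naming the subject that attempted the access. The discretionary ACL is deliberately permissive here so that the lattice check, not the ACL, is what decides each outcome.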

On Access Checking in Capability-Based Systems
TLDR
The paper shows why this problem arises and provides a taxonomy of capability-based designs and identifies a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
Paradigm Regained: Abstraction Mechanisms for Access Control
Access control systems must be evaluated in part on how well they enable one to distribute the access rights needed for cooperation, while simultaneously limiting the propagation of rights which
Capability-Based Primitives for Access Control in Object-Oriented Systems
TLDR
The architecture described is integrated at the meta-object level of the Meta-Object Operating System Environment, providing a common foundation for access control in heterogeneous object models.
The Flask Security Architecture: System Support for Diverse Security Policies
TLDR
This paper presents an operating system security architecture that solves the problems of controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights.
Implementation and Verification of Programmable Security
TLDR
JPAC is described, a Java extension that provides syntax for expressing discretionary package-based access control based on a variation of a ticket-based authorization model and a novel cryptographic verification formalism is used to analyze JPAC’s secure method invocation protocol.
Implementing commercial data integrity with secure capabilities
  • P. Karger
  • Computer Science
    Proceedings. 1988 IEEE Symposium on Security and Privacy
  • 1988
The author examines the model of D.D. Clark and D.R. Wilson (1987) for commercial data integrity and proposes an implementation based on his own secure capability architecture. He shows how secure
Verifying the EROS confinement mechanism
  • J. Shapiro, S. Weber
  • Computer Science
    Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000
  • 2000
TLDR
This paper presents a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS) and shows that architectures covered by this model enforce the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied.
A new approach to mobile code security
TLDR
This dissertation presents a novel security architecture called security-passing style and motivates its application to security issues that arise in mobile code systems such as Java using an efficient implementation that requires no special hardware or language runtime support.

References

SHOWING 1-10 OF 21 REFERENCES
A hardware architecture for implementing protection rings
TLDR
Hardware processor mechanisms for implementing concentric rings of protection that allow cross-ring calls and subsequent returns to occur without trapping to the supervisor are described.
A hardware implementation of capability-based addressing
TLDR
The SWARD architecture, an experimental higher-level architecture, contains the naming and protection concept of capability-based addressing, which led to a set of problems in implementing capabilities in the processor.
Protection: principles and practice
The protection mechanisms of computer systems control the access to objects, especially information objects. The range of responsibilities of these mechanisms includes at one extreme completely
A note on the confinement problem
TLDR
A set of examples attempts to stake out the boundaries of the problem of confining a program during its execution so that it cannot transmit information to any other program except its caller.
Reflections on an operating system design
The main features of a general purpose multiaccess operating system developed for the CDC 6400 at Berkeley are presented, and its good and bad points are discussed as they appear in retrospect.
Non-Discretionary Controls for Commercial Applications
  • S. Lipner
  • Computer Science
    1982 IEEE Symposium on Security and Privacy
  • 1982
The lattice model of non-discretionary access control in a secure computer system was developed in the early Seventies [BLaP]. The model was motivated by the controls used by the Defense Department
A security retrofit of VM/370
The VM/370 Security Retrofit Program is a continuing research and development initiative, funded by the Defense Advanced Research Projects Agency (DARPA), with additional funding provided by the
A comment on the confinement problem
TLDR
An approach to proving that an operating system enforces confinement, by preventing borrowed programs from writing information in storage in violation of a formally stated security policy, is presented.
Programming semantics for multiprogrammed computations
The semantics are defined for a number of meta-instructions which perform operations essential to the writing of programs in multiprogrammed computer systems. These meta-instructions relate to
An implementation of a multiprocessing computer system
TLDR
A PDP-1 computer was donated to the Electrical Engineering Department of the Massachusetts Institute of Technology in late 1961 and in May, 1963 the first time-sharing system was operational.