An Augmented Capability Architecture to Support Lattice Security and Traceability of Access
@article{Karger1984AnAC,
  title={An Augmented Capability Architecture to Support Lattice Security and Traceability of Access},
  author={Paul A. Karger and A. J. Herbert},
  journal={1984 IEEE Symposium on Security and Privacy},
  year={1984},
  pages={2-2}
}
This paper describes a protection system that supports the confinement of access as required by non-discretionary access control models such as the Bell and LaPadula lattice model. The approach is to use capability-based protection at the lowest level for implementing confined domains, in support of access control lists for expressing security policies outside the security kernel. The implementation of such a system in the context of hardware support for capabilities is discussed.
85 Citations
On Access Checking in Capability-Based Systems
- Computer Science
- 2006
The paper shows why this problem arises and provides a taxonomy of capability-based designs and identifies a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
On Access Checking in Capability-Based Systems
- Computer Science, IEEE Transactions on Software Engineering
- 1987
The paper shows why this problem arises and provides a taxonomy of capability-based designs and identifies a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
Paradigm Regained: Abstraction Mechanisms for Access Control
- Computer Science, ASIAN
- 2003
Access control systems must be evaluated in part on how well they enable one to distribute the access rights needed for cooperation, while simultaneously limiting the propagation of rights which…
Capability-Based Primitives for Access Control in Object-Oriented Systems
- Computer Science, DBSec
- 1997
The architecture described is integrated at the meta-object level of the Meta-Object Operating System Environment, providing a common foundation for access control in heterogeneous object models.
The Flask Security Architecture: System Support for Diverse Security Policies
- Computer Science, USENIX Security Symposium
- 1999
This paper presents an operating system security architecture that solves the problems of controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights.
Implementation and Verification of Programmable Security
- Computer Science, DBSec
- 2002
JPAC is described, a Java extension that provides syntax for expressing discretionary package-based access control based on a variation of a ticket-based authorization model and a novel cryptographic verification formalism is used to analyze JPAC’s secure method invocation protocol.
Implementing commercial data integrity with secure capabilities
- Computer Science, Proceedings. 1988 IEEE Symposium on Security and Privacy
- 1988
The author examines the model of D.D. Clark and D.R. Wilson (1987) for commercial data integrity and proposes an implementation based on his own secure capability architecture. He shows how secure…
Verifying the EROS confinement mechanism
- Computer Science, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000
- 2000
This paper presents a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS) and shows that architectures covered by this model enforce the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied.
A new approach to mobile code security
- Computer Science
- 1999
This dissertation presents a novel security architecture called security-passing style and motivates its application to security issues that arise in mobile code systems such as Java using an efficient implementation that requires no special hardware or language runtime support.
References
A hardware architecture for implementing protection rings
- Computer Science, CACM
- 1972
Hardware processor mechanisms for implementing concentric rings of protection that allow cross-ring calls and subsequent returns to occur without trapping to the supervisor are described.
A hardware implementation of capability-based addressing
- Computer Science, OPSR
- 1980
The SWARD architecture, an experimental higher-level architecture, contains the naming and protection concept of capability-based addressing, which led to a set of problems that led to the implementation of capabilities by the processor.
Protection: principles and practice
- Computer Science, AFIPS '72 (Spring)
- 1971
The protection mechanisms of computer systems control the access to objects, especially information objects. The range of responsibilities of these mechanisms includes at one extreme completely…
A note on the confinement problem
- Computer Science, CACM
- 1973
A set of examples attempts to stake out the boundaries of the problem by defining a program during its execution so that it cannot transmit information to any other program except its caller.
Reflections on an operating system design
- Materials Science, CACM
- 1976
The main features of a general purpose multiaccess operating system developed for the CDC 6400 at Berkeley are presented, and its good and bad points are discussed as they appear in retrospect.…
Non-Discretionary Controls for Commercial Applications
- Computer Science, 1982 IEEE Symposium on Security and Privacy
- 1982
The lattice model of non-discretionary access control in a secure computer system was developed in the early Seventies[BIaP]. The model was motivated by the controls used by the Defense Department…
A security retrofit of VM/370
- Computer Science, 1979 International Workshop on Managing Requirements Knowledge (MARK)
- 1979
The VM/370 Security Retrofit Program is a continuing research and development initiative, funded by the Defense Advanced Research Projects Agency (DARPA), with additional funding provided by the…
A comment on the confinement problem
- Computer Science, SOSP
- 1975
An approach to proving that an operating system enforces confinement, by preventing borrowed programs from writing information in storage in violation of a formally stated security policy, is presented.
Programming semantics for multiprogrammed computations
- Computer Science, CACM
- 1966
The semantics are defined for a number of meta-instructions which perform operations essential to the writing of programs in multiprogrammed computer systems. These meta-instructions relate to…
An implementation of a multiprocessing computer system
- Computer Science, SOSP
- 1967
A PDP-1 computer was donated to the Electrical Engineering Department of the Massachusetts Institute of Technology in late 1961 and in May, 1963 the first time-sharing system was operational.