Ensuring secure information ow within programs in the context of multiple sensitivity l e v els has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model 6] 7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. W e f o r m ulate Denning's approach a s a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all well-typed programs have this noninterference property.
A virtual machine monitor (VMM) allows multiple operating systems to run concurrently on virtual machines (VMs) on a single hardware platform. Each VM can be treated as an independent operating system platform. A secure VMM would enforce an overarching security policy on its VMs.The potential benefits of a secure VMM for PCs include: a more secure environment, familiar COTS operating systems and applications, and enormous savings resulting from the elimination of the need for separate platforms when both high assurance policy enforcement, and COTS software are required. This paper addresses the problem of implementing secure VMMs on the Intel Pentium architecture. The requirements for various types of VMMs are reviewed. We report an analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM. Current "virtualization" techniques for the Intel Pentium architecture are examined and several security problems are identified. An approach to providing a virtualizable hardware base for a highly secure VMM is discussed.
1 . We examine the concept of security as a dimension of Quality of Service in distributed systems. Implicit to the concept of Quality of Service is the notion of choice or variation. Security services also offer a range of choice both from the user perspective and among the underlying resources. We provide a discussion and examples of user-specified security variables and show how the range of service levels associated with these variables can support the provision of Quality of Security Service, whereby security is a constructive network management tool rather than a performance obstacle. We also discuss various design implications regarding security ranges provided in a QoS-aware distributed system.
A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as a framework for defining the costs associated with network security services.
NSF
Not applicableApproved for public release; distribution is unlimited.Securing the supply chain of integrated circuits is of the utmost importance to computer security. In addition to counterfeit microelectronics, the theft or malicious modification of designs in the foundry can result in catastrophic damage to critical systems and large projects. In this Technical Report, we describe a 3D architecture that splits a design into two separate tiers: one tier that contains critical security functions is manufactured in a trusted foundry; another tier is manufactured in an unsecured foundry. We argue that a split manufacturing approach to hardware trust based on 3D integration is viable and provides several advantages over other approaches.Hardware-oriented security and trust, 3D integration, trustworthy system development, policy enforcement, cryptographic hardware, embedded systems security, malicious hardware, trusted foundries
AbstractSecuring the supply chain of integrated circuits is of the utmost importance to computer security. In addition to counterfeit microelectronics, the theft or malicious modification of designs in the foundry can result in catastrophic damage to critical systems and large projects. In this Technical Report, we describe a 3D architecture that splits a design into two separate tiers: one tier that contains critical security functions is manufactured in a trusted foundry; another tier is manufactured in an unsecured foundry. We argue that a split manufacturing approach to hardware trust based on 3D integration is viable and provides several advantages over other approaches.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.