This paper discusses how mandatory access mediation and discretionary access mediation are performed in the Trusted Mach (TMach) kernel, a system that uses message passing as its primary means of communication both between tasks and with the kernel. As a consequence, control of interprocess communication in the TMach kernel is a central concern, whereas controlled sharing of segments is the central focus in trusted systems with a more traditional architecture.
Trusted Mach (TMach) is a message-passing, server-oriented system being targeted at the B3 level of the Trusted Computer System Evaluation Criteria (TCSEC). Its architecture differs from the security kernel plus layers structure that was established for trusted systems by Multics. This paper examines security issues associated with its dependence upon capability-like mechanisms and TMach's use of servers. A brief rationale for its compliance with TCSEC architectural requirements is presented. Why the structure of the TMach trusted computing base makes it readily extensible, and amenable to the inclusion of trusted applications, is also discussed.