A hardware architecture for implementing protection rings

Schroeder, Michael; Saltzer, Jerome H.

doi:10.1145/361268.361275

Cited by 148 publications

(37 citation statements)

References 10 publications

(7 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We are also exploring multilevel aware collaboration services, and the addition of QoSS to services other than network security. Additional future work includes a Network File System (NFS) port enhanced with ring-like privileges [68] in the user domain, to help constrain the behavior of applications, and a multilevel aware or multilevel DNS service [20].…”

Section: Discussionmentioning

confidence: 99%

MYSEA: The Monterey Security Architecture

Irvine¹,

Nguyen²,

Shifflett³

et al. 2009

View full text Add to dashboard Cite

Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend and inter-operate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel secure solutions. This results in an architecture that meets two compelling requirements: first, that users have a familiar work environment, and, second, that critical mandatory security policies are enforced.

show abstract

Section: Discussionmentioning

confidence: 99%

MYSEA: The Monterey Security Architecture

Irvine¹,

Nguyen²,

Shifflett³

et al. 2009

View full text Add to dashboard Cite

show abstract

“…HiStar uses gates for protected control transfer, an idea dating back to Multics [21]. However, HiStar's protection domains are not hierarchical like Multics rings.…”

Section: Related Workmentioning

confidence: 99%

Making information flow explicit in HiStar

et al. 2011

View full text Add to dashboard Cite

HiStar is a new operating system designed to minimize the amount of code that must be trusted. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including an entirely untrusted login process, separation of data between virtual private networks, and privacypreserving, untrusted virus scanners.

show abstract

“…[2] The label space may support confidentiality and integrity policies as well as non-hierarchical categories, [26] A security kernel usually provides a hardware-supported ring abstraction [43][44] and can host trusted subjects. [39] The rings can separate applications within a process.…”

Section: Security Kernelmentioning

confidence: 99%

“…The "second-order" policy of PK-based architectures is not as concrete as the EP architecture's MLS model. Also, the MILS architecture lacks an overarching abstraction like rings for organizing program integrity and privilege [43]: those considerations must be handled in an ad hoc fashion via restrictions defined in AC-subject configuration data. As a result, it is more likely that the intended MLS policy can be undermined in a MILS-or LP-based system through programmer and verifier confusion (e.g., in constructing either the AC-subject or the configuration tool).…”

Section: Structural Abstractionsmentioning

confidence: 99%

Analysis of three multilevel security architectures

Levin

Irvine

Weissman

et al. 2007

Proceedings of the 2007 ACM Workshop on Computer Security Architecture

View full text Add to dashboard Cite

Various system architectures have been proposed for high assurance enforcement of multilevel security. This paper provides an analysis of the relative merits of three architectural types -one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege separation kernel. We introduce the Least Privilege architecture, which incorporates security features from the recent "Separation Kernel Protection Profile," and show how it can provide several unique aspects of security and assurance, although each architecture has advantages.

show abstract

A hardware architecture for implementing protection rings

Cited by 148 publications

References 10 publications

MYSEA: The Monterey Security Architecture

MYSEA: The Monterey Security Architecture

Making information flow explicit in HiStar

Analysis of three multilevel security architectures

Contact Info

Product

Resources

About