A VMM security kernel for the VAX architecture

Karger, Paul A.; Zurko, Mary Ellen; Bonin, D.W.; Mason, Alex; Kahn, C.

doi:10.1109/risp.1990.63834

Cited by 52 publications

(25 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Today, discussions of layered design tend to introduce additional complexity by allowing a richer tree of objects. SVS was an almost pure sequence of single layers (see Figure 1, from [1]). The absolute simplicity of the layering of the system is what gave the layered design some of its power as a structure for both call flow and overall system organization.…”

Section: Layered Designmentioning

confidence: 99%

“…In May of 1990, "A VMM Security Kernel for the VAX Architecture" [1] was lead paper at the IEEE Symposium on Security and Privacy, and was awarded Best Paper. "The Auditing Facility for a VMM Security Kernel" [2] was also presented that year, and the year after, two papers on covert channels, "An Analysis of Covert Timing Channels" [3] and "Storage Channels in Disk Arm Optimization" [4] were presented.…”

Section: Introductionmentioning

confidence: 99%

“…More than 20 years later, we are taking this opportunity to highlight what we consider to be the most important results from [1], with an eye toward how they can inform how high assurance systems are considered and built today.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lessons from VAX/SVS for High Assurance VM Systems

Lipner

Jaeger

Zurko

2012

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

VAX/SVS was a high assurance virtual machine monitor (VMM) project, documented in several published papers from the 1990's. We take a look back, extracting the most pertinent lessons from that work for today. These lessons cover reference monitor architectural principles, approaches to verifiable and tamperproof access control, the benefits of layering, the impacts of minimization and verification, and the business reasons behind its cancellation as a product.

show abstract

Section: Layered Designmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Lessons from VAX/SVS for High Assurance VM Systems

Lipner

Jaeger

Zurko

2012

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

show abstract

“…Various virtual machine monitor approaches have been suggested [14,42,7] for supporting COTS applications while reliably separating different domains of data. In general, for these approaches to be trustworthy requires both the use of strictly virtualizable hardware [29], and a trustworthy monitor mechanism for separating the activities of the virtual machines.…”

Section: Related Workmentioning

confidence: 99%

“…Creating a monitor sufficiently trusted to both separate different domains of activity, and allow read-down to less sensitive domains (as does MYSEA) is all the more difficult. While at least one was designed to provide high assurance read-down capabilities [42], it was never fielded. The VMM approach remains problematic for separation of different domains of data because of the difficulty of creating a trusted VMM.…”

Section: Related Workmentioning

confidence: 99%

MYSEA: The Monterey Security Architecture

Irvine¹,

Nguyen²,

Shifflett³

et al. 2009

View full text Add to dashboard Cite

Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend and inter-operate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel secure solutions. This results in an architecture that meets two compelling requirements: first, that users have a familiar work environment, and, second, that critical mandatory security policies are enforced.

show abstract

A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems

Irvine

Levin

2002

Integrity, Internal Control and Security in Information Systems

View full text Add to dashboard Cite

The need to provide standard commercial-grade productivity applications as the general purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several di erent t ypes of \trusted" systems. We c haracterize some of these systems as a class of architecture. We discuss the general integrity property that systems can only be trusted to manage modi able data whose integrity is at or below that of their interface c omponents. One e ect of this property is that in terms of integrity these hybrid-security systems are only applicable to processing environments where the integrity of data is consistent with that of low-assurance software. Several examples are provided of hybrid-security systems subject to these limitations.

show abstract

A VMM security kernel for the VAX architecture

Cited by 52 publications

References 11 publications

Lessons from VAX/SVS for High Assurance VM Systems

Lessons from VAX/SVS for High Assurance VM Systems

MYSEA: The Monterey Security Architecture

A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems

Contact Info

Product

Resources

About