• DocumentCode
    1823284
  • Title

    Assuring Distributed Trusted Mach

  • Author

    Fine, Todd ; Minear, Spencer E.

  • Author_Institution
    Secure Comput. Corp., Arden Hills, MN, USA
  • fYear
    1993
  • fDate
    24-26 May 1993
  • Firstpage
    206
  • Lastpage
    217
  • Abstract
    Distributed Trusted Mach (DTMach) is an operating system designed by Secure Computing Corporation. The goal of the project is to use the Mach 3.0 kernel as the base for a secure, distributed system. As a first step in developing the DTMach security policy, a categorization of general security concerns was constructed. Concerns that were not adequately addressed by the Mach 3.0 kernel indicated potential security vulnerabilities. The authors describe these general security concerns, the manner in which the Mach 3.0 kernel addresses each concern, and the manner in which DTMach addresses each concern. The focus is on the DTMach security policy and security mechanisms. It is first necessary to identify the general threats against which DTMach must protect. The next step is to identify control mechanisms that are sufficient to protect against each of the threats. The DTMach design makes extensive use of type enforcement in addressing the threats. The general threats and the countermeasures provided by DTMach are described, which provide more evidence of the usefulness of type enforcement in general and the high assurance provided by the DTMach type of enforcement policy.
  • Keywords
    distributed processing; operating systems (computers); security of data; DTMach; Distributed Trusted Mach; Mach 3.0 kernel; Secure Computing Corporation; control mechanisms; enforcement policy; operating system; secure distributed system; security policy; security vulnerabilities; threats; type enforcement; Access control; Control systems; Distributed computing; Kernel; Message passing; Power system protection; Security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on
  • Conference_Location
    Oakland, CA
  • Print_ISBN
    0-8186-3370-0
  • Type

    conf

  • DOI
    10.1109/RISP.1993.287631
  • Filename
    287631