DocumentCode :
2344050
Title :
Policy vs. mechanism in the Secure TUNIS operating system
Author :
Grenier, Guy-L ; Holt, Richard C. ; Funkenhauser, Mark
Author_Institution :
Comput. Syst. Res. Inst., Toronto Univ., Ont., Canada
fYear :
1989
fDate :
1-3 May 1989
Firstpage :
84
Lastpage :
93
Abstract :
The trusted computing base (TCB) of a secure operating system can have its security policy enforced by a small, provably correct security manager. The design of the Secure TUNIS (Toronto University system) operating system divides security concerns into policy (implemented by its security manager) and mechanism (implemented by the rest of the operating system). It is shown that this separation is a key concept in allowing Secure TUNIS to be validated, due to the isolation of security-critical code and data in a small module. This design provides the basis of an implementation of a POSIX (Unix) kernel that can be certified at security levels of B3 and above. The security policy, as implemented by Secure TUNIS, is given.
Keywords :
operating systems (computers); security of data; B3; POSIX (Unix) kernel; Secure TUNIS operating system; TCB; Toronto University system; mechanism; secure operating system; security critical code; security levels; security manager; security policy; trusted computing base; Access control; Books; Computer security; Data security; Information security; Kernel; Memory management; Operating systems; US Department of Defense; Utility programs;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-1939-2
Type :
conf
DOI :
10.1109/SECPRI.1989.36280
Filename :
36280