Title :
A multi-threading architecture for multilevel secure transaction processing
Author :
Isa, Haruna R. ; Shockley, William R. ; Irvine, Cynthia E.
Author_Institution :
United States Navy, Washington, DC, USA
Abstract :
A TCB and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment is presented. Our design exploits hardware security features of the Intel 80×86 processor family. Intel´s CPU architecture provides hardware with two distinct descriptor tables. We use one of these in the usual way for process isolation. For each process, the descriptor table holds the descriptors of “system-low” segments, such as code segments, used by every thread in a process. We use the second table to hold descriptors for segments known to individual threads within the process. This allocation, together with an appropriately designed scheduling policy, permits us to avoid the full cost of process creation when only switching between threads of different security classes in the same process. Where large numbers of transactions are encountered on transaction queues, this approach has benefits over traditional multilevel systems
Keywords :
multi-threading; scheduling; security of data; transaction processing; CPU architecture; Intel processor family; TCB; descriptor tables; multilevel secure transaction processing; multithreading architecture; queue-driven transaction processing; scheduling policy; security kernel; Computer architecture; Computer science; Computer security; Containers; Costs; Instruction sets; Military computing; Multilevel systems; Switches; Yarn;
Conference_Titel :
Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-7695-0176-1
DOI :
10.1109/SECPRI.1999.766912
