DocumentCode :
3144868
Title :
Lattice scheduling and covert channels
Author :
Hu, Wei-Ming
Author_Institution :
Digital Equipment Corp., Littleton, MA, USA
fYear :
1992
fDate :
4-6 May 1992
Firstpage :
52
Lastpage :
61
Abstract :
The lattice scheduler is a process scheduler that reduces the performance penalty of certain covert-channel countermeasures by scheduling processes using access class attributes. The lattice scheduler was developed as part of the covert-channel analysis of the VAX security kernel. The VAX security kernel is a virtual-machine monitor security kernel for the VAX architecture designed to meet the requirements of the A1 rating from the US National Computer Security Center. After describing the cache channel, a description is given of how this channel can be exploited using the VAX security kernel as an example. The author discusses how this channel can be closed and the performance effects of closing the channel. The lattice scheduler is introduced, and its use in closing the cache channel is demonstrated. Finally, the work illustrates the operation of the lattice scheduler through an extended example and concludes with a discussion of some variations of the basic scheduling algorithm.
Keywords :
operating systems (computers); scheduling; security of data; virtual machines; National Computer Security Center; VAX security kernel; access class attributes; cache channel; covert-channel countermeasures; lattice scheduler; process scheduler; virtual-machine monitor; Computer architecture; Computer security; Computerized monitoring; Invasive software; Kernel; Lattices; National security; Processor scheduling; Timing; Trademarks;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2825-1
Type :
conf
DOI :
10.1109/RISP.1992.213271
Filename :
213271