DocumentCode :
2272797
Title :
A modular covert channel analysis methodology for trusted DG/UX™
Author :
Kemmerer, Richard A. ; Taylor, Tad
Author_Institution :
Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA
fYear :
1996
fDate :
9-13 Dec 1996
Firstpage :
224
Lastpage :
235
Abstract :
The covert channel analysis (CCA) approach presented in the paper builds on the subsystem architecture of the DG/UX kernel. The kernel is structured so that each element of the system state is under the control of a single subsystem: these elements can only be referenced or modified by functions of the controlling subsystem, so each subsystem can be thought of as an abstract object. In order to make the covert channel analysis task for the Trusted DG/UX kernel more manageable and, in particular, to deal with the Ratings Maintenance Program (RAMP), a modular approach that takes advantage of the subsystem architecture is used. The CCA approach used for analyzing DG/UX is to first perform an SRM analysis for each subsystem that contains an exported function directly invoked from one of the system calls. These subsystems are called "peer subsystems". The information from the SRMs of all the peer subsystems is then used to build the kernel-wide SRM.
Keywords :
Unix; operating system kernels; safety-critical software; security of data; CCA approach; DG/UX kernel; RAMP; Ratings Maintenance Program; SRM analysis; Trusted DG/UX; abstract object; commercial strength Unix system; exported function; kernel-wide SRM; modular approach; modular covert channel analysis methodology; peer subsystems; subsystem architecture; system calls; system state; Bandwidth; Computer architecture; Computer science; Control systems; Information resources; Kernel; Operating systems; Software engineering; State estimation; Trademarks;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
12th Annual Computer Security Applications Conference, 1996
Conference_Location :
San Diego, CA
ISSN :
1063-9527
Print_ISBN :
0-8186-7606-X
Type :
conf
DOI :
10.1109/CSAC.1996.569703
Filename :
569703