A time interval memory protection system

Abstract

Time is often a critical factor for making decisions regarding access to information. To manage and protect critical data in this regard implies that information systems need to enforce temporal security policies. However, we lack operating system and hardware support for implementing temporal protection mechanisms. A time interval memory protection architecture to support enforcement of temporal policies is presented. It implements a Time Interval Access Control model in which authorizations are determined by time attributes associated with subjects and objects, and constraints on the relations of those attributes relative to the time of access. The policy is enforced at the memory page level by kernel mechanisms and related hardware extensions. The notion of memory access phases and the principle of efficiently mediated access are articulated to support the analysis of the design. A simulator-based prototype shows that the architecture is both feasible and practical.