Least Privilege Separation Kernel storage hierarchy prototype for the trusted computing exemplar project
dc.contributor.advisor | Irvine, Cynthia E. | |
dc.contributor.advisor | Clark, Paul C. | |
dc.contributor.author | Guillen, Jonathan Michael | |
dc.contributor.corporate | Naval Postgraduate School (U.S.) | |
dc.contributor.department | Computer Science | |
dc.date.accessioned | 2012-03-14T17:45:02Z | |
dc.date.available | 2012-03-14T17:45:02Z | |
dc.date.issued | 2010-06 | |
dc.description.abstract | The Least Privilege Separation Kernel (LPSK) is part of the Trusted Computing Exemplar (TCX) project. Separation kernels may be used to partition resources in support of the enforcement of mandatory security policies. The LPSK provides services that allow each subject to access resources configured as part of its domain. To ensure permanence of information, the LPSK requires a storage hierarchy for its data resources. This thesis describes the design for an LPSK storage hierarchy based on existing LPSK requirements. The design was implemented in a Linux environment to produce a storage hierarchy prototype. Implementation of the prototype proceeded in keeping with principles for developmental security, which include minimization, modularity, and hierarchical dependencies. The LPSK storage hierarchy external interfaces belong in three distinct categories: the configuration interfaces are used to construct the storage hierarchy and its contents in a non-LPSK context, initialization interfaces associate data segment handles with data segments that are exported to LPSK subjects, and runtime interfaces support the reading and writing to secondary storage data segments exported to non-LPSK subjects. Testing showed that storage hierarchy interfaces behaved according to specification. This study shows that a storage hierarchy prototype can be designed and implemented based on the LPSK functional specification. | en_US |
dc.description.distributionstatement | Approved for public release; distribution is unlimited. | |
dc.description.service | Naval Postgraduate School author (civilian) | en_US |
dc.description.uri | http://archive.org/details/leastprivilegese109455314 | |
dc.format.extent | xvi, 147 p. : ill. ; | en_US |
dc.identifier.oclc | 648156768 | |
dc.identifier.uri | https://hdl.handle.net/10945/5314 | |
dc.publisher | Monterey, California. Naval Postgraduate School | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.subject.lcsh | Kernel functions | en_US |
dc.subject.lcsh | Electronic security systems | en_US |
dc.title | Least Privilege Separation Kernel storage hierarchy prototype for the trusted computing exemplar project | en_US |
dc.type | Thesis | en_US |
dspace.entity.type | Publication | |
etd.thesisdegree.discipline | Computer Science | en_US |
etd.thesisdegree.grantor | Naval Postgraduate School | en_US |
etd.thesisdegree.level | Masters | en_US |
etd.thesisdegree.name | M.S. | en_US |
etd.verified | no | en_US |