Least Privilege Separation Kernel storage hierarchy prototype for the trusted computing exemplar project

dc.contributor.advisorIrvine, Cynthia E.
dc.contributor.advisorClark, Paul C.
dc.contributor.authorGuillen, Jonathan Michael
dc.contributor.corporateNaval Postgraduate School (U.S.)
dc.contributor.departmentComputer Science
dc.description.abstractThe Least Privilege Separation Kernel (LPSK) is part of the Trusted Computing Exemplar (TCX) project. Separation kernels may be used to partition resources in support of the enforcement of mandatory security policies. The LPSK provides services that allow each subject to access resources configured as part of its domain. To ensure permanence of information the LPSK requires a storage hierarchy for its data resources. This thesis describes the design for a LPSK storage hierarchy based on existing LPSK requirements. The design was implemented in a Linux environment to produce a storage hierarchy prototype. Implementation of the prototype proceeded in keeping with principles for developmental security which include minimization, modularity, and hierarchical dependencies. The LPSK storage hierarchy external interfaces belong in three distinct categories: The configuration interfaces are used to construct the storage hierarchy and its contents in a non-LPSK context, initialization interfaces associate data segment handles with data segments that are exported to LPSK subjects, and runtime interfaces support the reading and writing to secondary storage data segments exported to non-LPSK subjects. Testing showed that storage hierarchy interfaces behaved according to specification. This study shows that a storage hierarchy prototype can be designed and implemented based on the LPSK functional specification.en_US
dc.description.distributionstatementApproved for public release; distribution is unlimited.
dc.description.serviceNaval Postgraduate School author (civilian)en_US
dc.format.extentxvi, 147 p. : ill. ;en_US
dc.publisherMonterey, California. Naval Postgraduate Schoolen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.subject.lcshKernel functionsen_US
dc.subject.lcshElectronic security systemsen_US
dc.titleLeast Privilege Separation Kernel storage hierarchy prototype for the trusted computing exemplar projecten_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
861.37 KB
Adobe Portable Document Format