An analysis of three kernel-based multilevel security architectures

Irvine, Cynthia E.; Nguyen, Thuy D.

An analysis of three kernel-based multilevel security architectures

Files

NPS-CS-06-001.pdf (1.27 MB)

Authors

Irvine, Cynthia E.

Nguyen, Thuy D.

Subjects

Computer architecture.
Information science.

Date of Issue

2006-08

Publisher

Monterey, California. Naval Postgraduate School

Abstract

Various system architectures have been proposed for highly robust enforcement of multilevel security (MLS). This paper provides an analysis of the relative merits of three architectural types -- one based on a traditional separation kernel, another based on a security kernel, and a third based on a high-robustness separation kernel. We show that by taking advantage of commonly available hardware features, and incorporating security features required by the nascent Separation Kernel Protection Profile (SKPP), the latter architecture may provide several aspects of security and assurance that are not achievable with the other two.

Type

Technical Report

URI

https://hdl.handle.net/10945/511

Department

Computer Science

Organization

Computer Science (CS)

Naval Postgraduate School (U.S.)

Graduate School of Operational and Information Sciences (GSOIS)

National Science Foundation (U.S.)

Defense Advanced Research Projects Agency (DARPA)

NPS Report Number

NPS-CS-06-001

Format

22 p.: ill.;28 cm.

Distribution Statement

Approved for public release; distribution is unlimited.

Collections

Publications
Reports

Full item page

Naval Postgraduate School

Dudley Knox Library