An OSKit-based implementation of least privilege separation kernel memory partitioning
Carter, Donald W.
Irvine, Cynthia E.
In an environment with valuable information assets, the threat of subversion is real. Thus, systems must be built from the ground up to counter the level of sophistication and capital that is pitted against them. To build such systems, rigorous assurance criteria must be met. Currently there is no publicly available example of the design and construction of a high assurance system. The Trusted Computing Exemplar (TCX) Project is intended to make publicly available a high assurance component and its evaluation evidence. This work builds a working prototype of selected TCX kernel functionality. The prototype is based on OSKit and restricts both information flow between memory partitions and the resource accesses made by processes. Pages are statically allocated on a per-partition basis, and page faults are handled by the kernel. The prototype demonstrates a least privilege-based approach to exported resource management: it uses a separation kernel with preloaded configuration data to allocate memory resources to processes.
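As an added illustration (not code from the thesis, the TCX project or OSKit), the following C sketch models the policy the abstract describes: a preloaded, immutable configuration assigns every physical page to one partition and records which partitions may access which pages, and a kernel page-fault handler is the single point that grants or denies each access. The partition count, page count and flow table are constructed values chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>

#define NPART  3            /* partitions in the constructed configuration */
#define NPAGES 16           /* physical pages in the toy machine */
#define PERM_READ  1u
#define PERM_WRITE 2u

/* Preloaded configuration: each physical page is owned by exactly one
 * partition (or is unassigned). Nothing at runtime can change this table,
 * which is what "static per-partition allocation" means here. */
typedef struct { int owner; } page_cfg_t;
static const page_cfg_t page_cfg[NPAGES] = {
    [0] = {0},  [1] = {0},  [2] = {0},  [3] = {0},    /* partition 0: pages 0-3  */
    [4] = {1},  [5] = {1},  [6] = {1},  [7] = {1},    /* partition 1: pages 4-7  */
    [8] = {2},  [9] = {2},  [10] = {2}, [11] = {2},   /* partition 2: pages 8-11 */
    [12] = {-1}, [13] = {-1}, [14] = {-1}, [15] = {-1}, /* unassigned            */
};

/* flow[src][dst]: permissions partition src holds on pages owned by dst.
 * Least privilege: a partition gets full access to its own pages and only
 * the explicitly configured access to anyone else's (here, 1 may read 0). */
static const unsigned flow[NPART][NPART] = {
    {PERM_READ | PERM_WRITE, 0,                      0},
    {PERM_READ,              PERM_READ | PERM_WRITE, 0},
    {0,                      0,                      PERM_READ | PERM_WRITE},
};

/* Number of pages statically owned by a partition (for audit/reporting). */
size_t pages_owned(int part)
{
    size_t n = 0;
    for (size_t p = 0; p < NPAGES; p++)
        if (page_cfg[p].owner == part) n++;
    return n;
}

/* Page-fault handler: the only decision point. Returns true if the access
 * is permitted by the static configuration, false if it must be denied.
 * Out-of-range partitions or pages and unassigned pages are always denied. */
bool handle_page_fault(int part, unsigned page, unsigned want)
{
    if (part < 0 || part >= NPART || page >= NPAGES) return false;
    int owner = page_cfg[page].owner;
    if (owner < 0) return false;              /* unassigned page: nobody */
    unsigned granted = flow[part][owner];
    return (granted & want) == want;          /* every requested bit granted */
}
```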