
dc.contributor.author: Levin, Timothy E.
dc.contributor.author: Irvine, Cynthia E.
dc.contributor.author: Nguyen, Thuy D.
dc.date.accessioned: 2012-03-14T17:00:30Z
dc.date.available: 2012-03-14T17:00:30Z
dc.date.issued: 2004-10
dc.identifier.uri: http://hdl.handle.net/10945/505
dc.description.abstract: We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects and resources provides enhanced protection for secure systems, and how only trusted subjects may cause certain information flows between partitions. A high assurance separation kernel based on least privilege can provide all of the functionality and protection of the traditional separation kernel, combined with a high level of confidence that the effects of subjects' activities can be minimized to their intended scope. [en_US]
dc.description.sponsorship: National Security Agency
dc.format.extent: 22 p.: ill.; 28 cm. [en_US]
dc.publisher: Monterey, California. Naval Postgraduate School [en_US]
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. [en_US]
dc.title: A least privilege model for static separation kernels [en_US]
dc.type: Technical Report [en_US]
dc.contributor.corporate: United States National Security Agency
dc.contributor.corporate: Naval Postgraduate School
dc.contributor.department: Computer Science (CS)
dc.identifier.oclc: ocm70810856
dc.identifier.npsreport: NPS-CS-05-003
dc.description.distributionstatement: Approved for public release; distribution is unlimited.