U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

MINICOMPUTER ARCHITECTURES FOR EFFECTIVE SECURITY KERNEL IMPLEMENTATIONS

NCJ Number
57877
Author(s)
J D TANGNEY
Date Published
1978
Length
88 pages
Annotation
HARDWARE FEATURES IMPORTANT FOR AN EFFECTIVE SECURITY KERNEL IMPLEMENTATION ARE IDENTIFIED, AND AN EVALUATION OF COMMERCIALLY AVAILABLE MINICOMPUTER SYSTEMS ASSESSES THEIR SUPPORT OF THESE FEATURES.
Abstract
A TECHNOLOGY HAS EVOLVED TO SECURE A GENERAL PURPOSE COMPUTER UTILITY (A MULTIPROGRAMMING, RESOURCE-SHARING, COMPUTER SYSTEM DESIGNED TO SUPPORT INTERACTIVE AND BATCH PROCESSING AND TO BE ACCESSIBLE TO MULTIPLE USERS CONCURRENTLY) AGAINST THE COMPROMISE AND SABOTAGE OF INFORMATION. THIS TECHNOLOGY, CALLED SECURITY KERNEL TECHNOLOGY, IS A DISCIPLINED APPROACH TO PROVIDING EFFECTIVE INFORMATION ACCESS CONTROLS WITHIN A COMPUTER SYSTEM. ALTHOUGH IT MAY BE THEORETICALLY POSSIBLE TO IMPLEMENT A SECURITY KERNEL ON ANY MACHINE, CERTAIN HARDWARE ARCHITECTURAL FEATURES ARE IMPORTANT FOR IMPLEMENTING ESSENTIAL CHARACTERISTICS OF A SECURITY KERNEL. THE EVALUATION PRESENTED SHOWS THAT NOT ALL OF THE IMPORTANT HARDWARE FEATURES ARE SUPPLIED AS STANDARD OR OPTIONAL FEATURES ON ALL COMMERCIALLY AVAILABLE COMPUTERS. THE CRITERIA FOR EVALUATING THE COMPUTERS CONSIDERED ARE DISCUSSED UNDER FOUR FUNCTIONAL AREAS, VIRTUAL MEMORY, I/O ACCESS CONTROL, EXECUTION DOMAINS, AND MULTIPLE PROCESS CONTROL. IN EACH AREA BOTH ESSENTIAL AND CONVENIENT FEATURES ARE DEVELOPED. THE ESSENTIAL FEATURES IN EACH ARE THOSE NECESSARY TO SATISFY THE REQUIREMENTS FOR AN EFFECTIVE SECURITY KERNEL IMPLEMENTATION. CONVENIENT FEATURES PROVIDE DESIRABLE CAPABILITIES IN HARDWARE, CAPABILITIES THAT WOULD OTHERWISE BE PROVIDED BY KERNEL SOFTWARE. OF THE TEN MACHINES EVALUATED, THE SCOMP AND THE PRIME MACHINES ARE THE BEST CANDIDATES. SCOMP WAS DESIGNED TO SUPPORT A SECURITY KERNEL AND RATES THE BEST IN THE AREA OF I/O CONTROL; ITS SECURITY PROTECTION MODULE IS A DESCRIPTOR-BASED GENERAL ACCESS CONTROLER THAT INCLUDES I/O DEVICES WITHIN THE VIRTUAL ENVIRONMENT. PRIME RATES BEST ON PROCESS CONTROL BECAUSE OF ITS INNOVATIVE SUPPORT FOR INTERPROCESS SYNCHRONIZATION AND ITS SHARED SEGMENT TABLE ARRANGEMENT. TABULAR DATA AND REFERENCES ARE PROVIDED. (RCB)

Downloads

No download available