Fine Grained Labeling. Volume 1. Operating System Support
Abstract
Trusted computer systems, such as compartmented mode workstations or systems that meet the B-level criteria of the Department of Defense Trusted Computer System Evaluation Criteria, provide a wealth of security-related functionality. In the area of labeling and access control, however, they fall somewhat short. This is because they only provide file-level labeling and access control. Many trusted applications currently envisioned, or under development, rely on a finer granularity of labeling and access control. Such applications include editors that support paragraph markings, message processing systems that label and protect individual messages, and so forth. This paper describes the design and prototype implementation of a general-purpose fine grained labeling and access control mechanism as part of a trusted operating system. The results presented herein indicate that the labeling and access control functionality applications require can be provided in a practical manner with relatively few modifications to the underlying trusted operating system. The resulting benefits to applications, namely reduced size. complexity, and dependence on system- specific security interfaces, suggest that operating system support for fine grained labeling and access control simplifies the design and implementation of such applications while enhancing their portability and minimizing software integration issues.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 1991
- Accession Number
- ADA244579
Entities
People
- Daniel F. Vukelich
- Jeffrey Picciotto
Organizations
- MITRE Corporation