Execution Policies Research and Implementation

Abstract

This research studied the application of a software-based ring execution policy, the type of which has previously been implemented via hardware mechanisms, to an open source operating system. Such an execution policy is orthogonal to, and may be used in conjunction with, other mandatory (viz., secrecy, integrity) and discretionary policies. It allows processes running with otherwise similar privileges (such as the root user or secrecy attributes) to be differentiated with respect to priority or privilege regarding system resources and execution. We have found that it is possible to construct a mandatory ring execution policy whose primary function is to restrict subjects from executing certain file system objects, and that this may result in a more coherent and manageable policy than what can be expected from various discretionary (e.g., policy-bypass or privilege-grouping) mechanisms.

Document Details

Document Type
Technical Report
Publication Date
Feb 01, 2003
Accession Number
ADA412737

Entities

People

  • Cynthia E. Irvine
  • Paul C. Clark
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • California
  • Classification
  • Computer Access Control
  • Computer Programs
  • Computer Science
  • Computers
  • Controlled Environment
  • Cybersecurity
  • Digital Information
  • Environment
  • Human-Machine Interaction
  • Information Systems
  • Operating Systems
  • Security
  • Trojan Horse
  • User Interface

Fields of Study

  • Computer science

Readers

  • Calculus or Mathematical Analysis
  • Defense Acquisition Program Management
  • Software Engineering