A Multi-Threading Architecture for Multilevel Secure Transaction Processing

Abstract

A TCB and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment is presented. Our design exploits hardware security features of the Intel 80x86 processor family. Intel's CPU architecture provides hardware with two distinct descriptor tables. We use one of these in the usual way for process isolation. For each process, the descriptor table holds the descriptors of "system-low" segments, such as code segments, used by every thread in a process. We use the second table to hold descriptors for segments known to individual threads within the process. This allocation, together with an appropriately designed scheduling policy, permits us to avoid the full cost of process creation when only switching between threads of different security classes in the same process. Where large numbers of transactions are encountered on transaction queues, this approach has benefits over traditional multilevel systems.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 1999
Accession Number
ADA423692

Entities

People

  • Cynthia E. Irvine
  • Haruna R. Isa
  • William R. Shockley

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Access Control
  • Computer Programming
  • Computer Science
  • Computers
  • Databases
  • Department Of Defense
  • Environment
  • Information Operations
  • Information Systems
  • Lessons Learned
  • Multithreading
  • Operating Systems
  • Scheduling (Production)
  • Security
  • Sensitivity
  • Switches
  • System Software

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Snow Cover Descriptors for Reptiles and Their Illustrations.