Least Privilege in Separation Kernels

Abstract

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2006
Accession Number
ADA484519

Entities

People

  • Cynthia E. Irvine
  • Thomas E. Levin
  • Thuy D. Nguyen

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Application Software
  • Computer Programming
  • Computer Science
  • Computers
  • Cybersecurity
  • Department Of Defense
  • Flow
  • Hypervelocity Flow
  • Information Assurance
  • Information Systems
  • Models
  • National Security
  • Operating Systems
  • Product Development
  • Security
  • Test And Evaluation

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Systems Analysis and Design