A Least Privilege Model for Static Separation Kernels

Abstract

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects and resources provides enhanced protection for secure systems, and how only "trusted subjects" may cause certain information flows between partitions. A high assurance separation kernel based on least privilege can provide all of the functionality and protection of the traditional separation kernel, combined with a high level of confidence that the effects of subjects' activities can be minimized to their intended scope.

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2004
Accession Number
ADA526333

Entities

People

  • Cynthia E. Irvine
  • Thuy D. Nguyen
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Aircrafts
  • Application Software
  • Computer Access Control
  • Computer Programming
  • Computers
  • Embedded Systems
  • Flow
  • Hypervelocity Flow
  • Information Systems
  • Models
  • Operating Systems
  • Radio Equipment
  • Specifications
  • Tactical Radios
  • Test And Evaluation
  • Virtual Machines

Readers

  • Artificial Intelligence
  • Cybersecurity
  • Operations Research