
Least Privilege in Separation Kernels

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 9)

Abstract

We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.




Editor information

Joaquim Filipe, Mohammad S. Obaidat

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Levin, T.E., Irvine, C.E., Nguyen, T.D. (2008). Least Privilege in Separation Kernels. In: Filipe, J., Obaidat, M.S. (eds) E-Business and Telecommunication Networks. ICETE 2006. Communications in Computer and Information Science, vol 9. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70760-8_12


  • DOI: https://doi.org/10.1007/978-3-540-70760-8_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70759-2

  • Online ISBN: 978-3-540-70760-8
