DocumentCode :
1655034
Title :
Security policy realization in an extensible operating system
Author :
Hollingworth, Dennis ; Redmond, Timothy ; Rice, Robert
Author_Institution :
Network Associates Inc., USA
Volume :
1
fYear :
2000
fDate :
6/22/1905 12:00:00 AM
Firstpage :
320
Abstract :
We describe the practical application of security to extensible operating systems, focusing on the SPIN extensible OS. Because SPIN and other extensible operating systems support the loading of user-developed extensions directly into the kernel, they require the application of traditional user-level security in addition to kernel-level security, to prevent kernel extensions from subverting kernel functionality. In order to show that such an approach to extensible OS security is possible and practical, we augmented the existing security architecture of SPIN, maintaining the separation between policy mediation and enforcement. Several well-known user-level policies, described here, are supported in the architecture. In addition, we have introduced kernel-level security through the separation of kernel code into segments and the enforcement of a domain/type policy on threads as they progress through system code. Finally, we have devised a useful domain/type policy extensibility strategy that is conservative, but preserves the existing policy
Keywords :
operating systems (computers); security of data; SPIN; extensible operating system; kernel-level security; operating system kernel; policy mediation; security policy; threads; user-level security; Computer applications; Computer architecture; Identity-based encryption; Intelligent networks; Kernel; Mediation; Operating systems; Security; Springs; System performance;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
Type :
conf
DOI :
10.1109/DISCEX.2000.825035
Filename :
825035