A microprocessor design for multilevel security

Author

Clifton, Daniel B. ; Fernandez, Eduardo B.

Author_Institution

Harris Semicond., Melbourne, FL, USA

fYear

1988

fDate

12-16 Dec 1988

Firstpage

194

Lastpage

198

Abstract

A protection architecture, specifically designed to meet the requirements for secure hardware is described. This architecture, which is called the KEVEC-32 (Kernelized Verifiable CISC processor), enforces a multilevel, categorized model of security. Intended for multilevel applications, the microprocessor uses several unique features to provide a high degree of security. The most significant of these is a separation of processor privilege states and data classification. The processor also provides enhanced access control through a domain-based virtual addressing system. An extended 56-bit virtual address provides accountability by assigning each user with a specific address space. Finally, security validation is facilitated by organizing all security-related portions of hardware into a secure kernel

Keywords

computer architecture; microprocessor chips; security of data; KEVEC-32; Kernelized Verifiable CISC processor; data classification; domain-based virtual addressing system; enhanced access control; microprocessor design; multilevel applications; multilevel security; processor privilege states; protection architecture; secure hardware; secure kernel; security validation; security-related portions; specific address space; Access control; Algorithms; Data security; Hardware; Information security; Microprocessors; Multilevel systems; Operating systems; Organizing; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Aerospace Computer Security Applications Conference, 1988., Fourth

Conference_Location

Orlando, FL

Print_ISBN

0-8186-0895-1

Type

conf

DOI

10.1109/ACSAC.1988.113440

Filename

113440