A comment on the confinement problem-Reference-Cited by-同舟云学术

A comment on the confinement problem

Published:1975-11 Issue:5 Volume:9 Page:192-196
ISSN:0163-5980
Container-title:ACM SIGOPS Operating Systems Review
language:en
Short-container-title:SIGOPS Oper. Syst. Rev.

Author:

Lipner Steven B.

Abstract

The confinement problem, as identified by Lampson, is the problem of assuring that a borrowed program does not steal for its author information that it processes for a borrower. An approach to proving that an operating system enforces confinement, by preventing borrowed programs from writing information in storage in violation of a formally stated security policy, is presented. The confinement problem presented by the possibility that a borrowed program will modulate its resource usage to transmit information to its author is also considered. This problem is manifest by covert channels associated with the perception of time by the program and its author; a scheme for closing such channels is suggested. The practical implications of the scheme are discussed.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/1067629.806537

Reference15 articles.

1. Bell D. Elliott and LaPadula Leonard J. Secure computer systems. ESD-TR-73-278 (AD 770768 771543 and 780528) The MITRE Corporation Bedford Massachusetts (November 1973). Bell D. Elliott and LaPadula Leonard J. Secure computer systems. ESD-TR-73-278 (AD 770768 771543 and 780528) The MITRE Corporation Bedford Massachusetts (November 1973).

2. Burke Edmund L. Private communication—Burke and Schell seem to have devised the scheme of applying the *-property to variables inside a security kernel during late 1972 or early 1973. Burke Edmund L. Private communication—Burke and Schell seem to have devised the scheme of applying the *-property to variables inside a security kernel during late 1972 or early 1973.

3. Honeywell Information Systems. Design for Multics security enhancements. ESD-TR-74-176 Electronic Systems Division (AFSC) L. G. Hanscom AFB Massachusetts (1974). Honeywell Information Systems. Design for Multics security enhancements. ESD-TR-74-176 Electronic Systems Division (AFSC) L. G. Hanscom AFB Massachusetts (1974).

4. A note on the confinement problem

5. Millen Jonathan K. Security kernel validation in practice. MTR-2932 Vol. 2 The MITRE Corporation Bedford Massachusetts (In preparation). Millen Jonathan K. Security kernel validation in practice. MTR-2932 Vol. 2 The MITRE Corporation Bedford Massachusetts (In preparation).

Cited by 31 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Aberdeen architecture: information flow monitoring and tracking;Disruptive Technologies in Information Sciences VIII;2024-06-06

2. Creating and Developing a High-Throughput Covert Channel via Program Execution;IEEE Access;2024

3. High assurance state machine microprocessor concept: Aberdeen Architecture;Open Architecture/Open Business Model Net-Centric Systems and Defense Transformation 2022;2022-05-30

4. Using RBAC to Secure Payment Process in Cloud;Access Control Management in Cloud Environments;2020

5. Security Solutions for Intelligent and Complex Systems;Natural Language Processing;2020