A comment on the confinement problem

Author:

Lipner Steven B.

Abstract

The confinement problem, as identified by Lampson, is the problem of assuring that a borrowed program does not steal for its author information that it processes for a borrower. An approach to proving that an operating system enforces confinement, by preventing borrowed programs from writing information in storage in violation of a formally stated security policy, is presented. The confinement problem presented by the possibility that a borrowed program will modulate its resource usage to transmit information to its author is also considered. This problem is manifest by covert channels associated with the perception of time by the program and its author; a scheme for closing such channels is suggested. The practical implications of the scheme are discussed.

Publisher

Association for Computing Machinery (ACM)

Reference15 articles.

1. Bell D. Elliott and LaPadula Leonard J. Secure computer systems. ESD-TR-73-278 (AD 770768 771543 and 780528) The MITRE Corporation Bedford Massachusetts (November 1973). Bell D. Elliott and LaPadula Leonard J. Secure computer systems. ESD-TR-73-278 (AD 770768 771543 and 780528) The MITRE Corporation Bedford Massachusetts (November 1973).

2. Burke Edmund L. Private communication—Burke and Schell seem to have devised the scheme of applying the *-property to variables inside a security kernel during late 1972 or early 1973. Burke Edmund L. Private communication—Burke and Schell seem to have devised the scheme of applying the *-property to variables inside a security kernel during late 1972 or early 1973.

3. Honeywell Information Systems. Design for Multics security enhancements. ESD-TR-74-176 Electronic Systems Division (AFSC) L. G. Hanscom AFB Massachusetts (1974). Honeywell Information Systems. Design for Multics security enhancements. ESD-TR-74-176 Electronic Systems Division (AFSC) L. G. Hanscom AFB Massachusetts (1974).

4. A note on the confinement problem

5. Millen Jonathan K. Security kernel validation in practice. MTR-2932 Vol. 2 The MITRE Corporation Bedford Massachusetts (In preparation). Millen Jonathan K. Security kernel validation in practice. MTR-2932 Vol. 2 The MITRE Corporation Bedford Massachusetts (In preparation).

Cited by 31 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Aberdeen architecture: information flow monitoring and tracking;Disruptive Technologies in Information Sciences VIII;2024-06-06

2. Creating and Developing a High-Throughput Covert Channel via Program Execution;IEEE Access;2024

3. High assurance state machine microprocessor concept: Aberdeen Architecture;Open Architecture/Open Business Model Net-Centric Systems and Defense Transformation 2022;2022-05-30

4. Using RBAC to Secure Payment Process in Cloud;Access Control Management in Cloud Environments;2020

5. Security Solutions for Intelligent and Complex Systems;Natural Language Processing;2020

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3