A secure distributed operating system
T. A. Casey, S. Vinter, D. Weber, R. Varadarajan, D. Rosenthal
Proceedings. 1988 IEEE Symposium on Security and Privacy, 1988-04-18
DOI: 10.1109/SECPRI.1988.8095 (https://doi.org/10.1109/SECPRI.1988.8095)
Citations: 17
Abstract
Some issues in distributed system security are discussed in the context of the design of a secure distributed operating system (SDOS). The design is targeted for an A1 rating. Some developments in formal verification methods are reported. Distributed system security is contrasted with single-host and network security, and described in the context of the Trusted Network Interpretation. Problems unique to distributed system security are discussed. An argument is made for implementing security features in higher layers, corresponding roughly to the session through application layers of the OSI model. A security policy based on message-passing rather than reads and writes is described. The SDOS design is summarized.