{"title":"The security policy of the secure distributed operating system prototype","authors":"Norman Proctor, R. Wong","doi":"10.1109/CSAC.1989.81034","DOIUrl":null,"url":null,"abstract":"The experimental secure distributed operating system (SDOS) is described. It uses a composable property as its mandatory security policy. The security policy includes a fine granularity of discretionary access control immune to Trojan horse attacks. The high degree of assurance that composability makes practical and the richness of the discretionary controls lead SDOS to use balanced assurance. In balance assurance, the assurance measures are fitted to the portion of the security policy whose enforcement is being assured. Like the Cronus distributed computing environment from which it is derived, SDOS uses an object model with abstract operations on various types of system objects and permits an application to extend the paradigm to new types of application objects with new operations. The SDOS security policy and enforcement can likewise be extended for an application's security policy and enforcement.<<ETX>>","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"84 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.1989.81034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
The experimental secure distributed operating system (SDOS) is described. It uses a composable property as its mandatory security policy. The security policy includes a fine granularity of discretionary access control immune to Trojan horse attacks. The high degree of assurance that composability makes practical and the richness of the discretionary controls lead SDOS to use balanced assurance. In balanced assurance, the assurance measures are fitted to the portion of the security policy whose enforcement is being assured. Like the Cronus distributed computing environment from which it is derived, SDOS uses an object model with abstract operations on various types of system objects and permits an application to extend the paradigm to new types of application objects with new operations. The SDOS security policy and enforcement can likewise be extended for an application's security policy and enforcement.