{"title":"高保证的多级文件系统","authors":"C. Irvine","doi":"10.1109/SECPRI.1995.398924","DOIUrl":null,"url":null,"abstract":"The designs of applications for multilevel systems cannot merely duplicate those of the untrusted world. When applications are built on a high assurance base, they will be constrained by the underlying policy enforcement mechanism. Consideration must be given to the creation and management of multilevel data structures by untrusted subjects. Applications should be designed to rely upon the TCB's security policy enforcement services rather than build new access control services beyond the TCB perimeter. The results of an analysis of the design of a general purpose file system developed to execute as an untrusted application on a high assurance TCB are presented. The design illustrates a number of solutions to problems resulting from a high assurance environment.<<ETX>>","PeriodicalId":420458,"journal":{"name":"Proceedings 1995 IEEE Symposium on Security and Privacy","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1995-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"A multilevel file system for high assurance\",\"authors\":\"C. Irvine\",\"doi\":\"10.1109/SECPRI.1995.398924\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The designs of applications for multilevel systems cannot merely duplicate those of the untrusted world. When applications are built on a high assurance base, they will be constrained by the underlying policy enforcement mechanism. Consideration must be given to the creation and management of multilevel data structures by untrusted subjects. Applications should be designed to rely upon the TCB's security policy enforcement services rather than build new access control services beyond the TCB perimeter. The results of an analysis of the design of a general purpose file system developed to execute as an untrusted application on a high assurance TCB are presented. The design illustrates a number of solutions to problems resulting from a high assurance environment.<<ETX>>\",\"PeriodicalId\":420458,\"journal\":{\"name\":\"Proceedings 1995 IEEE Symposium on Security and Privacy\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1995-05-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 1995 IEEE Symposium on Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.1995.398924\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 1995 IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1995.398924","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The designs of applications for multilevel systems cannot merely duplicate those of the untrusted world. When applications are built on a high assurance base, they will be constrained by the underlying policy enforcement mechanism. Consideration must be given to the creation and management of multilevel data structures by untrusted subjects. Applications should be designed to rely upon the TCB's security policy enforcement services rather than build new access control services beyond the TCB perimeter. The results of an analysis of the design of a general purpose file system developed to execute as an untrusted application on a high assurance TCB are presented. The design illustrates a number of solutions to problems resulting from a high assurance environment.<>
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
