TL;DR: A new verification technique called 'proof of separability', which explicitly addresses the security-relevant aspects of interrupt handling and other issues ignored by present methods, is suggested.
Abstract: This paper reviews some of the difficulties that arise in the verification of kernelized secure systems and suggests new techniques for their resolution. It is proposed that secure systems should be conceived as distributed systems in which security is achieved partly through the physical separation of its individual components and partly through the mediation of trusted functions performed within some of those components. The purpose of a security kernel is simply to allow such a 'distributed' system to actually run within a single processor; policy enforcement is not the concern of a security kernel. This approach decouples verification of components which perform trusted functions from verification of the security kernel. This latter task may be accomplished by a new verification technique called 'proof of separability' which explicitly addresses the security-relevant aspects of interrupt handling and other issues ignored by present methods.
TL;DR: In this paper, a secure processor is implemented in both normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode.
Abstract: A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.
TL;DR: A formal security policy model that uses basic view concepts for a secure multilevel relational database system is described, and defines application-independent properties for entity integrity, referential integrity, and polyinstantiation integrity.
Abstract: A formal security policy model that uses basic view concepts for a secure multilevel relational database system is described. The model is formulated in two layers, one corresponding to a security kernel or reference monitor that enforces mandatory security, and the other defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, discretionary security, and transaction consistency. This includes the policies for sanitization, aggregation, and downgrading. The model also defines application-independent properties for entity integrity, referential integrity, and polyinstantiation integrity.
TL;DR: In this paper, the authors propose a computer security mechanism including an access control table specifying the predetermined access rights of each of a plurality of predetermined security subjects relative to predetermined security objects, a collection of mutually exclusive execution domains for each of the security subjects so that the executing processes of a security subject can only directly access code and data contained within the collection of domains of such security subject.
Abstract: A computer security mechanism including an access control table specifying the predetermined access rights of each of a plurality of predetermined security subjects relative to predetermined security objects; a collection of mutually exclusive execution domains for each of the security subjects so that the executing processes of a security subject can only directly access code and data contained within the collection of domains of such security subject; a collection of mutually exclusive domains for a plurality of security object type managers, each of which is the sole owner of the right and ability to create and control access to security objects of a predetermined type, such that the only interaction between the execution environment of a security subject and the execution environment of another security subject is through operations on security objects performed through the services of the type managers; an object table for storing entries identifying the nature and location of security objects; and unforgeable access descriptors created by the security type managers by reference to the access control table for validation of access rights and utilized to allow access by security subjects to security objects via the object table, each access descriptor containing an index to the object table entry for the associated security object and identification of the access rights of the security subject with which the access descriptor is associated, whereby use of an access descriptor allows for efficient validation and mechanization of a requested access.
TL;DR: Fuzzy time is described, a collection of techniques that reduces the bandwidths of covert timing channels by making all clocks available to a process noisy.
Abstract: This paper describes fuzzy time. This is a collection of techniques that reduces the bandwidths of covert timing channels by making all clocks available to a process noisy. Developed in response to the problems posed by high-speed hardware timing channels, fuzzy time has been implemented in the VAX security kernel. The VAX security kernel is a virtual-machine monitor security kernel for the VAX architecture designed to meet the requirements of the A1 rating from the National Computer Security Center.