|
|
|
|
09-21-2005, 02:46 PM
|
#1 |
Security kernels
How do you decide whether to include a mechanism in a security kernel or
not? Policy? Is it based on trade-offs or kernel design, ...? Anyone who has a good reference for this? So far I read some things about security kernels in general, but not about how to decide what to include and what not. Thanks in advance, Jan JeZuZ |
|
|
|
09-21-2005, 10:40 PM
|
#2 |
|
Posts: n/a
|
Re: Security kernels
Well yeah, first you establish the security policy you want, then you
implement it within the kernel. As to mechanisms, that term means different thing to different people. I myself use the term e.g. access control mechanism ... but I'm an old guy, eh. Maybe go to the SE Linux site http://www.nsa.gov/selinux/ . Lots of good stuff there as in look into it's policy and how it's implemented ... imo. > How do you decide whether to include a mechanism in a security kernel or > not? Policy? Is it based on trade-offs or kernel design, ...? Anyone > who has a good reference for this? > > So far I read some things about security kernels in general, but not > about how to decide what to include and what not. > > Thanks in advance, > Jan Bowgus |
|
|
|
09-22-2005, 10:35 AM
|
#3 |
|
Posts: n/a
|
Re: Security kernels
"JeZuZ" <> wrote in message news: ... > How do you decide whether to include a mechanism in a security kernel or > not? Policy? Is it based on trade-offs or kernel design, ...? Anyone > who has a good reference for this? > > So far I read some things about security kernels in general, but not about > how to decide what to include and what not. > > Thanks in advance, > Jan A security kernel should include ONLY the elements that provide the base required to implement the security for your system. One example is the virtualization of your physical memory, especially if this will be used in enforcement. Another is the fundamental access mechanism for your external storage and communication elements, e.g., disk, tape, network, and terminal. If memory and communications can be protected from snooping, and cryptography and any non essential functions can be modularized and kept out of the security kernel. In general, keep everything possible OUT OF the security kernel. See for example the University of Utah work. Ed Edward A. Feustel |
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Computer Security Information and What You Can Do To Keep Your SystemSafe! | Ann.Anderson.group.com@gmail.com | A+ Certification | 0 | 12-06-2007 01:55 AM |
| Computer Security | aldrich.chappel.com.use@gmail.com | A+ Certification | 0 | 11-27-2007 02:11 AM |
| Computer Security Information (Free Articles and eBooks) | aditya.jaiswal.com.use@gmail.com | DVD Video | 0 | 10-10-2007 04:53 AM |
| Re: Mac Security vs. Windows Security | Tony Sivori | A+ Certification | 0 | 10-28-2003 06:23 AM |
| Re: Mac Security vs. Windows Security | Ghost | A+ Certification | 0 | 10-28-2003 02:16 AM |
