Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Security kernels

Reply
Thread Tools

Security kernels

 
 
JeZuZ
Guest
Posts: n/a
 
      09-21-2005
How do you decide whether to include a mechanism in a security kernel or
not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
who has a good reference for this?

So far I read some things about security kernels in general, but not
about how to decide what to include and what not.

Thanks in advance,
Jan
 
Reply With Quote
 
 
 
 
Bowgus
Guest
Posts: n/a
 
      09-21-2005
Well yeah, first you establish the security policy you want, then you
implement it within the kernel. As to mechanisms, that term means different
thing to different people. I myself use the term e.g. access control
mechanism ... but I'm an old guy, eh. Maybe go to the SE Linux site
http://www.nsa.gov/selinux/ . Lots of good stuff there as in look into it's
policy and how it's implemented ... imo.


> How do you decide whether to include a mechanism in a security kernel or
> not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
> who has a good reference for this?
>
> So far I read some things about security kernels in general, but not
> about how to decide what to include and what not.
>
> Thanks in advance,
> Jan



 
Reply With Quote
 
 
 
 
Edward A. Feustel
Guest
Posts: n/a
 
      09-22-2005

"JeZuZ" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> How do you decide whether to include a mechanism in a security kernel or
> not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
> who has a good reference for this?
>
> So far I read some things about security kernels in general, but not about
> how to decide what to include and what not.
>
> Thanks in advance,
> Jan


A security kernel should include ONLY the elements that provide the base
required to implement the security for your system. One example is the
virtualization of your physical memory, especially if this will be used in
enforcement. Another is the fundamental access mechanism
for your external storage and communication elements, e.g., disk, tape,
network, and terminal.

If memory and communications can be protected from snooping, and
cryptography and any non essential functions can be modularized and kept out
of the security kernel.

In general, keep everything possible OUT OF the security kernel.

See for example the University of Utah work.
Ed


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fork() 50 times slower on some Linux kernels? Elmar C Programming 14 01-11-2012 10:39 PM
SCLive 3.0 With Verilog, VHDL, SystemC kernels available. dcabanis VHDL 0 10-22-2009 02:11 PM
One million [bloated?] Linux kernels booted peterwn NZ Computing 2 09-26-2009 07:55 PM
TZ cache on some Linux kernels Jon Perl Misc 2 10-02-2003 03:57 AM
IS there a way for windows xp to run 2 kernels at same time? Dwight Computer Support 0 07-24-2003 09:08 AM



Advertisments