Security kernels

Discussion in 'Computer Security' started by JeZuZ, Sep 21, 2005.

  1. JeZuZ

    JeZuZ Guest

    How do you decide whether to include a mechanism in a security kernel or
    not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
    who has a good reference for this?

    So far I read some things about security kernels in general, but not
    about how to decide what to include and what not.

    Thanks in advance,
    Jan
     
    JeZuZ, Sep 21, 2005
    #1

  2. Bowgus

    Bowgus Guest

    Well yeah, first you establish the security policy you want, then you
    implement it within the kernel. As to mechanisms, that term means different
    things to different people. I myself use the term e.g. access control
    mechanism ... but I'm an old guy, eh. Maybe go to the SE Linux site
    http://www.nsa.gov/selinux/ . Lots of good stuff there as in look into its
    policy and how it's implemented ... imo.


    > How do you decide whether to include a mechanism in a security kernel or
    > not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
    > who has a good reference for this?
    >
    > So far I read some things about security kernels in general, but not
    > about how to decide what to include and what not.
    >
    > Thanks in advance,
    > Jan
     
    Bowgus, Sep 21, 2005
    #2

  3. "JeZuZ" <> wrote in message
    news:...
    > How do you decide whether to include a mechanism in a security kernel or
    > not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
    > who has a good reference for this?
    >
    > So far I read some things about security kernels in general, but not about
    > how to decide what to include and what not.
    >
    > Thanks in advance,
    > Jan


    A security kernel should include ONLY the elements that provide the base
    required to implement the security for your system. One example is the
    virtualization of your physical memory, especially if this will be used in
    enforcement. Another is the fundamental access mechanism
    for your external storage and communication elements, e.g., disk, tape,
    network, and terminal.

    If memory and communications can be protected from snooping,
    cryptography and any non-essential functions can be modularized and kept out
    of the security kernel.

    In general, keep everything possible OUT OF the security kernel.

    See for example the University of Utah work.
    Ed
     
    Edward A. Feustel, Sep 22, 2005
    #3