| G. J. Popek, M. Kampe, C. S. Kline, A. Stoughton, M. Urban, and E. J. Walton. UCLA Secure UNIX. In Proceedings of the National Computer Conference, Vol. 48, AFIPS Press, pages 355--364, Montvale, New Jersey, 1979. |
.... was then) the Royal Signals and Radar Establishment. 1 Introduction A formally verified security kernel is widely considered to offer the most promising basis for the construction of truly secure computer systems, at least in the short term. A number of kernelized systems have been constructed [12, 19, 25] and various models of security have been formulated to serve as the basis for their verification [6, 9, 28]. Despite the enthusiasm for this approach, there remain certain difficulties and problems in its application (see, for example, [1]). I shall expand on these later, but briefly they include ....
.... the kernel can be proven secure in some appropriate sense, all non-kernel software becomes irrelevant to the security of the system. Security kernels differ in the extent to which they are cognizant of the overall security policy of the system. Some kernels (for example, that of UCLA Secure UNIX [25]) have the character of a sophisticated protection mechanism and guarantee that no object supported by the kernel may be accessed in any way unless its recorded protection data explicitly permits that type of access. The task of setting up the protection data so that it enforces some overall ....
G. J. Popek et al. UCLA secure UNIX. In National Computer Conference, volume 48, pages 355--364. AFIPS Conference Proceedings, 1979.
.... 70s [13]. In response, the Air Force sponsored several studies to design and verify secure multilevel operating systems [200]. The methodology that grew was founded on the security kernel concept, which was based on the reference monitor model of security [2]. These operating systems, such as [183, 78, 167, 84, 93, 141, 27], were based on more formal approaches to design and verification. Conventional database systems were also addressed, as with integrity issues, or the inference and aggregate problems in statistical databases [60, 79]. Also in the 1970s, with the onset of networking, new efforts were launched toward ....
Popek, G., et al. UCLA Secure UNIX. In 1979 National Computer Conference, AFIPS Conf. Proc. Vol. 48 (1979), AFIPS, pp. 355--364.
.... user's office, the goal for MLS computing service shifted to providing an MLS workstation to the user in his office that could support electronic mail at different security levels and access to MLS file services, probably remotely located. Attempts to build a secure UNIX probably began at UCLA [Popek79]. An early British effort [Rush83] proposed to produce an MLS UNIX computing service using untrusted hosts sharing a multilevel file server via trusted network interface units. By 1987 at least half a dozen projects were underway [NRL87], and similar ones have continued to the present, for ....
Popek, G. J., M. Kampe, C. S. Kline, A. Stoughton, M. Urban, and E. J. Walton, "UCLA Secure UNIX," AFIPS Conf. Proc. 48 (1979 NCC), pp. 355--364.
.... Some projects were intended to complete only an initial portion of this sequence of goals. The goals were met with varying degrees of success. Many security kernel projects are reported in the literature: PSOS [Feiertag 79, Neumann 77], KSOS [McCauley 79, Berson 79], the UCLA Secure Unix project [Popek 79, Walker 80], KVM/370 [Gold 79] and SCOMP [Fraim 83]. The Secure Ada Target (SAT, now called LOCK) [Boebert 85] is an ongoing project at Honeywell. Landwehr [Landwehr 83] gives a useful summary of the state of the art circa 1983. Rushby criticizes the kernel approach to system security [Rushby ....
G.J. Popek, M. Kampe, C.S. Kline, A. Stoughton, M. Urban, E. Walton. UCLA Secure Unix. In AFIPS Conference Proceedings, pages 355-364. 1979.
.... is formally demonstrated to conform to the original requirements. Several security kernels were developed to provide provable system security. These included the Kernelized Secure Operating System [MD79], the MITRE security kernel [Sch75], MULTICS with AIM [SCS77] and the UCLA Data Secure Unix (DSU) [PKKe79]. However, security kernels failed to gain widespread popularity because of high development costs, mediocre performance, and difficulties encountered in maintaining the systems. 0.3 Security Testing Software testing is a cost-effective method to detect faults in software [Mye79]. Several ....
.... in finding 30 to 70% of logic design and coding errors in typical programs [Mye79]. Various static analysis techniques such as code walk-throughs, inspection of design and specification documents, and formal methods of verification were also used in the design of secure operating systems [MD79, PKKe79]. These systems provided provable security and were formally demonstrated to conform to the security requirements. 4.2 Symbolic Testing In symbolic testing of programs, input data and output values are assigned symbolic values, that may be elementary symbolic values or expressions [DMMP87]. The ....
G. J. Popek, M. Kampe, C. S. Kline, et al. UCLA Secure Unix. In Proceedings of the National Computer Conference, pages 355--364, 1979.
G. J. Popek, M. Kampe, C. S. Kline, A. Stoughton, M. Urban, E. Walton. UCLA Secure Unix. In AFIPS Conference Proceedings, pages 355--364, 1979.