内容简介:M. D. McIlroy and J. A. ReedsAdapted from CSTR #163, AT&T Bell Laboratories, 1992A collection of papers about the IX system, a simple but comprehensive multilevel-secure operating system with mandatory access control, based on the research v10 UNIX system.
The IX Multilevel-Secure UNIX System
M. D. McIlroy and J. A. Reeds
Adapted from CSTR #163, AT&T Bell Laboratories, 1992
A collection of papers about the IX system, a simple but comprehensive multilevel-secure operating system with mandatory access control, based on the research v10 UNIX system.
The IX security model centers on processes, files and channels (not on ``subjects'' and ``objects''). The system calculates security-classification labels dynamically, so that outputs are classified as highly as the inputs from which they were derived. The label mechanism is mandatory; not even the superuser can subvert it.
A structured privilege mechanism allows system and security administrators to bend the rules in an orderly way for purposes such as maintenance or document declassification. Privilege may be suballocated in parts of the label space so that projects may administer their own security.
A private-channel mechanism guarantees freedom from eavesdropping or spoofing, (e.g. password dialogs) with external sources.
All documents are in PostScript format.
Multilevel Security in the UNIX Tradition. An overview of the IX system and important utilities. 19 pages. Adapted from Software--Practice and Experience 22 (1992) 673-694. A few typos and PostScript portability issues were corrected in this paper and the next, February 5, 2005.
The Design of IX. Detailed specification of the security behavior of the kernel. 32 pages.
A Tour of IX. Some examples of the use of security labels and of privilege in IX . 11 pages.
Multilevel Windows on a Single-Level Terminal. The workings of mux , a windowed-terminal handler, that can run differently classified sessions in different windows. 3 pages. Adapted from Proc. UNIX Security Workshop , Usenix Association, Portland (1988) 32-34.
Secure IX Network. A discussion of the major security features of IX and how they could be extended to a network of secure computers. 8 pages. Reprinted from J. Feigenbaum and M. Merritt, Distributed Computing and Cryptography , DIMACS Series in Discrete Mathematics and Computer Science, Volume 2 (1991) 235-244, by permission of the American Mathematical Society.
Security mechanisms in IX. Presentation for a Dartmouth seminar (2005). 28 slides.
Appendix
Glossary.The jargon of IX that differs from that of UNIX. 2 pages.
Manual Pages. Revisions to UNIX v10 manual to reflect IX functionality. 50 pages.
Modified September 21, 2005
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
