An abstract form: “The Design and Specification of a Security Kernel for the PDP-11/45”
This paper presents the design of a kernel for certifiably secure computer systems being built on the Digital Equipment Corporation PDP-11/45. The design applies a general purpose mathematical model of secure computer systems to an off-the-shelf computer. An overview of the model is given. The paper includes a specification of the design that will be the basis for a rigorous proof of the correspondence between the model and the design. This design and implementation has demonstrated the technical feasibility of the security kernel approach for designing secure computer systems.
Preface
The security kernel design given in this paper is a major revision of a kernel design described in [Schiller]. In the original design a distinction was made between the information and control structures of a computer system, and the access controls dictated by our mathematical model of secure computer systems were only applied to the information structure. To protect the control structure we stated that “it is the responsibility of the system designer to systematically determine all possible channels through the control structure . . . (and prevent) the associated state variable from being controlled and/or observed”. After that design was published it became obvious that the approach to protecting the control structure was not adequate. The systematic determination of channels was equivalent to having a model that protected the control structure.
Consequently, refinements were added to the model to allow the same mechanisms to protect both the information and control structure objects of a system. The basic technique used is to organize all of the data objects in the system into a tree-like hierarchy, and to assign each data and control object explicit security attributes. The major difference between the revised design given in this paper and the original design is the incorporation of the model refinements. In addition, this paper benefits from an additional year’s study and understanding of the computer security problem. Familiarity with the original design is not required.
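To make the preface's technique concrete, the following is an added example (not code from the paper or from the PDP-11/45 kernel): a tree of objects in which directories are the control objects, each node carries an explicit security attribute, and the same access checks are applied to directories as to files. The dominance rules, the compatibility property (a child's label must dominate its parent's) and the sample hierarchy are assumptions taken from the Bell-LaPadula model the design applies, not details given in this section.

```python
from dataclasses import dataclass, field

# Constructed lattice: a label is a classification level plus a category set.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Obj:
    name: str
    label: Label
    children: dict = field(default_factory=dict)  # name -> Obj; a directory is a control object

def compatible(root):
    """Hierarchy compatibility (assumed from the model): every child's label dominates
    its parent's, so reading a directory never reveals more than its entries allow."""
    return all(child.label.dominates(root.label) and compatible(child)
               for child in root.children.values())

def can_observe(subject, obj):
    """Simple security: a subject may observe only objects its label dominates."""
    return subject.dominates(obj.label)

def can_alter(subject, obj):
    """*-property (no write-down): a subject may alter only objects dominating its label."""
    return obj.label.dominates(subject)

def resolve(root, path, subject):
    """Walk the tree; each directory on the path is checked exactly like a data object
    (its entry list is information), so the first failed check hides the rest."""
    node = root
    for part in path.split("/"):
        if not part:
            continue
        if not can_observe(subject, node):   # listing this directory's entries
            return None
        node = node.children.get(part)
        if node is None:
            return None
    return node if can_observe(subject, node) else None

def build_tree():
    """Constructed sample hierarchy: '/' and 'pub' unclassified, 'secret' and its file higher."""
    root = Obj("/", Label("UNCLASSIFIED"))
    pub = Obj("pub", Label("UNCLASSIFIED"))
    pub.children["readme"] = Obj("readme", Label("UNCLASSIFIED"))
    sec = Obj("secret", Label("SECRET"))
    sec.children["plan"] = Obj("plan", Label("SECRET", frozenset({"NUCLEAR"})))
    root.children.update(pub=pub, secret=sec)
    return root
```

Because the directory itself carries a label, a low subject walking toward `/secret/plan` is stopped at the control object, not only at the file.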