Advanced Operating Systems   COMP9242 2002/S2

UNSW

Printer-Friendly Version Administration                - Notices - Course Intro - Consultations # On-line Survey (closed) - Survey Results   Work - Lectures - Milestone 0 - Project Admin - Project Spec - Project FAQ - Exam   Documentation - ASysT Lab - L4 source browser - Sulima ISA Simulator - R4x00 ISA Summary  - MIPS R4700 Reference - MIPS R4000 User Manual  - Network Driver - GT64111   Related Info - Aurema OS Prize - OS Hall of Fame   History - 2000 - 1999 - 1998   Staff - Gernot Heiser (LiC)

Mandatory Access Control in Mungi Using domain and type enforcement (DTE) model[EH01a]: Each object has a type label Each APD has a domain label Each thread has: a type label (because it's an object) a domain label (because it belongs to an APD) a PDX object has: a type label (because it's an object) a domain label (because it has an associated PD) System-wide security policy is a relation on types and domains Mandatory access control operation MAC policy relation is represented in (user-level) policy object Kernel consults on each access validation: Object access: domain has access to type APD creation / PDX call: thread has access to invoked object caller APD has right to transfer to target APD Policy object consists of a number of (mostly simple) validation functions invoked via PDX ==> also subject to MAC! MAC validations are cached in separate validation cache PDX again... discretionary access control validates entry points and invocation right mandatory access control validates right to use target PD discretionary and mandatory access control validate data access Can use this as the basis for secure system extensions! Component model based on PDX for extending system