School of Computer Science & Engineering
University of New South Wales
Advanced Operating Systems
COMP9242 2002/S2
Next: OS Extensibility | Up: 12-mungi | Previous: Discretionary Confinement in Mungi
Subsections
  - Mandatory access control operation
  - PDX again...
Mandatory Access Control in Mungi

Uses the domain and type enforcement (DTE) model [EH01a]:
  - Each object has a type label
  - Each APD has a domain label
  - Each thread has:
      - a type label (because it is an object)
      - a domain label (because it belongs to an APD)
  - A PDX object has:
      - a type label (because it is an object)
      - a domain label (because it has an associated PD)
  - The system-wide security policy is a relation on types and domains
Mandatory access control operation

  - The MAC policy relation is represented in a (user-level) policy object
  - The kernel consults it on each access validation:
      - Object access: does the domain have access to the type?
      - APD creation / PDX call:
          - does the thread have access to the invoked object?
          - does the caller APD have the right to transfer to the target APD?
  - The policy object consists of a number of (mostly simple) validation functions, invoked via PDX
    ==> these invocations are themselves subject to MAC!
  - MAC validations are cached in a separate validation cache (distinct from the capability validation cache), so the policy object is only consulted on a miss
PDX again...

  - discretionary access control validates entry points and the invocation right
  - mandatory access control validates the right to use the target PD
  - discretionary and mandatory access control together validate data access
  - Can use this as the basis for secure system extensions!
  - Component model based on PDX for extending the system
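The two validations above (object access: domain vs. type; PDX call: access to the invoked object plus a domain transition) and the combined discretionary-plus-mandatory check of the "PDX again" section, written out as an added example. This is illustrative code, not Mungi's kernel or policy object: the domain and type names, the `dte_*`/`mac_*`/`validate_*` functions, the capability and PDX-object structs and the sample policy are all constructed for the example. The policy-object functions are plain C calls here; in Mungi they are reached via PDX and therefore MAC-checked themselves.

```c
/* Added example (not Mungi code): a toy DTE policy object, the kernel-side
 * MAC checks that consult it, a validation cache in front of it, and the
 * combined discretionary + mandatory checks for a PDX call and a data access.
 * All names and the sample policy are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ACC_READ  0x1   /* access modes on objects, as a bitmask */
#define ACC_WRITE 0x2
#define ACC_EXEC  0x4

/* Domain labels (carried by APDs) and type labels (carried by objects). */
enum { DOM_USER = 0, DOM_EDITOR, DOM_SYSTEM, NDOMAINS };
enum { TYPE_DOC = 0, TYPE_EDITOR_CODE, TYPE_POLICY, NTYPES };

/* The system-wide policy: a relation on (domain, type) giving allowed modes,
 * and a relation on (domain, domain) saying which domain may enter which. */
struct dte_policy {
    uint8_t access[NDOMAINS][NTYPES];
    bool    transition[NDOMAINS][NDOMAINS];
};

/* Constructed sample policy: users may read documents and run the editor
 * code; only the editor domain may write documents; only the system domain
 * may touch the policy object itself. */
static const struct dte_policy policy = {
    .access = {
        [DOM_USER]   = { [TYPE_DOC] = ACC_READ, [TYPE_EDITOR_CODE] = ACC_EXEC },
        [DOM_EDITOR] = { [TYPE_DOC] = ACC_READ | ACC_WRITE,
                         [TYPE_EDITOR_CODE] = ACC_READ | ACC_EXEC },
        [DOM_SYSTEM] = { [TYPE_DOC] = ACC_READ, [TYPE_POLICY] = ACC_READ | ACC_WRITE },
    },
    .transition = {
        [DOM_USER]   = { [DOM_EDITOR] = true },   /* user may PDX-call into editor */
        [DOM_EDITOR] = { [DOM_EDITOR] = true },
        [DOM_SYSTEM] = { [DOM_SYSTEM] = true, [DOM_EDITOR] = true },
    },
};

/* Policy-object validation functions (in Mungi: user level, invoked via PDX). */
static bool policy_object_access(int domain, int type, uint8_t mode)
{
    return (policy.access[domain][type] & mode) == mode;
}
static bool policy_transition(int from, int to) { return policy.transition[from][to]; }

/* Direct-mapped validation cache so the policy object is consulted only on a miss. */
struct cache_entry { bool valid; uint8_t kind, a, b, mode; bool result; };
#define CACHE_SIZE 64
static struct cache_entry vcache[CACHE_SIZE];
static unsigned policy_calls;           /* number of trips to the policy object */

void     dte_cache_reset(void) { for (int i = 0; i < CACHE_SIZE; i++) vcache[i].valid = false; policy_calls = 0; }
unsigned dte_policy_calls(void) { return policy_calls; }

/* kind 0 = object access (a = domain, b = type), kind 1 = transition (a = from, b = to) */
static bool cached_validate(uint8_t kind, uint8_t a, uint8_t b, uint8_t mode)
{
    unsigned idx = (kind * 31u + a * 7u + b * 3u + mode) % CACHE_SIZE;
    struct cache_entry *e = &vcache[idx];
    if (e->valid && e->kind == kind && e->a == a && e->b == b && e->mode == mode)
        return e->result;                                   /* cache hit */
    policy_calls++;
    bool r = (kind == 0) ? policy_object_access(a, b, mode) : policy_transition(a, b);
    *e = (struct cache_entry){ true, kind, a, b, mode, r };  /* fill (evicts on collision) */
    return r;
}

/* Kernel-side MAC checks. Object access: domain has access to type. */
bool mac_object_access(int domain, int type, uint8_t mode)
{
    return cached_validate(0, (uint8_t)domain, (uint8_t)type, mode);
}
/* PDX call: thread's domain may execute the invoked PDX object's type, and
 * the caller's domain may transfer to the PDX object's domain. */
bool mac_pdx_call(int caller_domain, int pdx_type, int target_domain)
{
    return cached_validate(0, (uint8_t)caller_domain, (uint8_t)pdx_type, ACC_EXEC)
        && cached_validate(1, (uint8_t)caller_domain, (uint8_t)target_domain, 0);
}

/* Discretionary side: a held capability names an object with some rights;
 * a PDX object carries its labels and its registered entry points. */
struct capability { int obj; uint8_t rights; };
struct pdx_object { int obj; int type; int domain; uintptr_t entries[4]; int nentries; };

/* PDX call: discretionary check of entry point and invocation right, then
 * the mandatory check of the right to use the target PD. */
bool validate_pdx_call(const struct capability *cap, uintptr_t entry,
                       int caller_domain, const struct pdx_object *pdx)
{
    if (cap->obj != pdx->obj || !(cap->rights & ACC_EXEC)) return false;
    bool at_entry = false;
    for (int i = 0; i < pdx->nentries; i++) if (pdx->entries[i] == entry) at_entry = true;
    if (!at_entry) return false;
    return mac_pdx_call(caller_domain, pdx->type, pdx->domain);
}

/* Data access: both the capability's rights and the DTE relation must allow the mode. */
bool validate_data_access(const struct capability *cap, int obj, int obj_type,
                          uint8_t mode, int domain)
{
    if (cap->obj != obj || (cap->rights & mode) != mode) return false;
    return mac_object_access(domain, obj_type, mode);
}

int main(void)
{
    struct pdx_object editor = { 42, TYPE_EDITOR_CODE, DOM_EDITOR, { 0x1000, 0x1040 }, 2 };
    struct capability  cap    = { 42, ACC_EXEC };
    printf("user -> editor at entry 0x1000: %d\n", validate_pdx_call(&cap, 0x1000, DOM_USER, &editor));
    printf("user -> editor at 0x1004 (not an entry point): %d\n", validate_pdx_call(&cap, 0x1004, DOM_USER, &editor));
    printf("policy object consulted %u times\n", dte_policy_calls());
    return 0;
}
```

The cache key includes the access mode as well as the labels, so a cached "read allowed" answer can never satisfy a later write request; and because the cache is keyed on labels rather than on object identity, one policy decision serves every object of that type, which is what makes a label-based MAC check cheap enough to run on every access.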
Gernot Heiser 2002-10-24