Next: DTOS Overview
Up: A Comparison of Methods
Previous: Motivating Examples for Adaptive
The DTOS prototype provides a security architecture that separates the
enforcement of the security policy from its definition. Since this
type of security architecture is not unique to the DTOS prototype,
results from this paper apply to a variety of systems with similar
architectures.
Elements available to adapt the security policy include the following:
- the number or complexity of the databases that a Security Server uses to
initialize its internal state
- the number of Security Servers available to the microkernel for security
computations
- the control over which Security Server makes security computations on
behalf of the microkernel
Although the number of possible implementations is large, this paper
describes the following representative implementations:
- One Security Server and multiple databases -- adapting the policy by
forcing the Security Server to re-initialize from a new security database.
- One Security Server and one database -- adapting the policy by expanding
the internal state of the Security Server and increasing the complexity of the
security database to describe more than one set of security policy
rules and by providing the Security Server with a mechanism for changing its
mode of operation.
- Multiple Security Servers with a single active server providing one point
of control over security computations -- adapting the policy by
providing a mechanism to hand off the responsibility of computing
access decisions from one server to another. Thus, one and only one
Security Server defines the policy at any given time.
- Multiple, concurrent Security Servers with responsibility for security
computations partitioned by tasks -- adapting the policy by
assigning a pointer to a specific Security Server to each new process. In this
method, whenever a process makes a request to the microkernel for
service, the microkernel submits requests for access computations to
the Security Server that is associated with that process and that defines the
security policy with respect to that process.
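The last two methods differ only in where the microkernel finds the Security Server to consult. The following is an added sketch of that difference, not DTOS code; every name, the integer labels and the two toy policies are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: a Security Server defines policy as a decision
 * function; the "microkernel" only enforces the answer it gets back. */
typedef enum { PERM_READ = 1, PERM_WRITE = 2 } perm_t;
typedef bool (*decide_fn)(int subject, int object, perm_t perm);
typedef struct { const char *name; decide_fn decide; } security_server;
typedef struct { int label; const security_server *ss; } task;

/* Two constructed policies over integer labels (assumed, for illustration). */
bool normal_policy(int s, int o, perm_t p) { (void)p; return s >= o; }
bool lockdown_policy(int s, int o, perm_t p) { return s >= o && p == PERM_READ; }

static const security_server SS_NORMAL = { "normal", normal_policy };
static const security_server SS_LOCKDOWN = { "lockdown", lockdown_policy };

/* Single active server: one pointer, so a hand-off changes the policy
 * for every task at once. */
static const security_server *active_ss = &SS_NORMAL;
void hand_off(const security_server *next) { active_ss = next; }

/* Concurrent servers: the pointer is bound to each task when it is created. */
task task_create(int label, const security_server *ss) {
    task t = { label, ss };
    return t;
}

/* Enforcement points. Both fail closed when no server is bound. */
bool kernel_check_active(const task *t, int obj, perm_t p) {
    return active_ss != NULL && active_ss->decide(t->label, obj, p);
}
bool kernel_check_per_task(const task *t, int obj, perm_t p) {
    return t->ss != NULL && t->ss->decide(t->label, obj, p);
}

int main(void) {
    task a = task_create(2, &SS_NORMAL), b = task_create(2, &SS_LOCKDOWN);
    /* Same label, same request, different server per task. */
    printf("per-task: a=%d b=%d\n", kernel_check_per_task(&a, 1, PERM_WRITE),
           kernel_check_per_task(&b, 1, PERM_WRITE));
    printf("active before hand-off: %d\n", kernel_check_active(&a, 1, PERM_WRITE));
    hand_off(&SS_LOCKDOWN);
    printf("active after hand-off:  %d\n", kernel_check_active(&a, 1, PERM_WRITE));
    return 0;
}
```

With the per-task pointer, two tasks carrying the same label can receive different answers to the same request, so the binding made at task creation is itself a security-relevant decision.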
Brian Loe
Tue Dec 9 09:16:53 CST 1997