|
USENIX Technical Program - Abstract - Security Symposium 99
The Flask Security Architecture: System Support for Diverse Security Policies
Ray Spencer, Secure Computing Corporation; Stephen Smalley, Peter Loscocco, National Security Agency; Mike Hibler, David Anderson, and Jay Lepreau, University of Utah
Abstract
Operating systems must be flexible in their support for security
policies, providing sufficient mechanisms for supporting the wide
variety of real-world security policies. Such flexibility requires
controlling the propagation of access rights, enforcing fine-grained
access rights and supporting the revocation of previously granted
access rights. Previous systems are lacking in at least one of these
areas. In this paper we present an operating system security
architecture that solves these problems. Control over propagation is
provided by ensuring that the security policy is consulted for every
security decision. This control is achieved without significant
performance degradation through the use of a security decision caching
mechanism that ensures a consistent view of policy decisions. Both
fine-grained access rights and revocation support are provided by
mechanisms that are directly integrated into the service-providing
components of the system. The architecture is described through its
prototype implementation in the Flask microkernel-based operating
system, and the policy flexibility of the prototype is evaluated. We
present initial evidence that the architecture's impact on both
performance and code complexity is modest. Moreover, our architecture
is applicable to many other types of operating systems and
environments.
|
Need help? Use our Contacts page.
Technical Program