ABSTRACT

Execution Policies Research and Implementation   [open pdf - 307KB]

This research studied the application of a software-based ring execution policy, the type of which has previously been implemented via hardware mechanisms, to an open source operating system. Such an execution policy is orthogonal to, and may be used in conjunction with, other mandatory (viz, secrecy, integrity) and discretionary policies. It allows processes running with otherwise similar privileges (such as the root user, or secrecy attributes) to be differentiated with respect to priority or privilege regarding system resources and execution. The authors have found that it is possible to construct a mandatory ring execution policy whose primary function is to restrict subjects from executing certain file system objects, and that this may result in a more coherent and manageable policy than what can be expected from various discretionary (e.g., policy-bypass or privilege-grouping) mechanisms.

Report Number:
NPS-CS-03-003
Author:
Publisher:
Date:
2003-02
Copyright:
Public Domain
Retrieved From:
Naval Postgraduate School, Dudley Knox Library: http://www.nps.edu/Library/index.aspx
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations