{"title":"Directions in computer security","authors":"Anne-Marie Claybrook","doi":"10.1145/800173.809695","DOIUrl":null,"url":null,"abstract":"One of the primary thrusts in operating system security has come from the Department of Defense (DoD), which early recognized the need for security controls in open use, multi-user, resource-shared computer systems.1 Two features in particular, mandatory access controls and security kernel technology, have been strongly promoted by the DoD. Mandatory access controls, necessary to support a security policy that cannot be circumvented by any user (in DoD's case, the national security policy regarding personnel clearances and data classifications) are being studied for their applicability to business2 and industry security problems. Security kernel technology is an implementation of the reference monitor concept, a security enforcement abstraction which views a computer system as composed of subjects (e.g., processes, users) and objects (e.g., files) and a reference monitor which checks each access by a subject to an object. In the past ten years, several attempts to build secure operating systems have utilized security kernel technology. While none of these attempts was practical from a performance point of view, the security kernel research still serves as a basis for current attempts to build secure systems.\n In a continuing effort to promote secure systems for DoD use, the DoD Computer Security Center was formed in 1981. 
One of the first tasks of the Center was to draft a “Trusted Computer System Evaluation Criteria” which defines various levels of protection for computer systems.3 In addition to listing feature requirements, including auditing, labelling, mandatory access controls, discretionary access controls, identification and authentication, the criteria discuss both the structure and development techniques used to produce trusted systems.","PeriodicalId":306306,"journal":{"name":"ACM '83","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM '83","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/800173.809695","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
One of the primary thrusts in operating system security has come from the Department of Defense (DoD), which early recognized the need for security controls in open use, multi-user, resource-shared computer systems.[1] Two features in particular, mandatory access controls and security kernel technology, have been strongly promoted by the DoD. Mandatory access controls, necessary to support a security policy that cannot be circumvented by any user (in DoD's case, the national security policy regarding personnel clearances and data classifications) are being studied for their applicability to business[2] and industry security problems. Security kernel technology is an implementation of the reference monitor concept, a security enforcement abstraction which views a computer system as composed of subjects (e.g., processes, users) and objects (e.g., files) and a reference monitor which checks each access by a subject to an object. In the past ten years, several attempts to build secure operating systems have utilized security kernel technology. While none of these attempts was practical from a performance point of view, the security kernel research still serves as a basis for current attempts to build secure systems.
In a continuing effort to promote secure systems for DoD use, the DoD Computer Security Center was formed in 1981. One of the first tasks of the Center was to draft a “Trusted Computer System Evaluation Criteria” which defines various levels of protection for computer systems.[3] In addition to listing feature requirements, including auditing, labelling, mandatory access controls, discretionary access controls, identification and authentication, the criteria discuss both the structure and development techniques used to produce trusted systems.