Summary: The Flask Security Architecture: System Support for Diverse Security Policies
Ray Spencer Secure Computing Corporation
Stephen Smalley, Peter Loscocco National Security Agency
Mike Hibler, David Andersen, Jay Lepreau University of Utah
http://www.cs.utah.edu/flux/flask/
Abstract
Operating systems must be flexible in their support
for security policies, providing sufficient mechanisms for
supporting the wide variety of real-world security policies.
Such flexibility requires controlling the propagation
of access rights, enforcing fine-grained access rights
and supporting the revocation of previously granted access
rights. Previous systems are lacking in at least one
of these areas. In this paper we present an operating
system security architecture that solves these problems.
Control over propagation is provided by ensuring that
the security policy is consulted for every security decision.
This control is achieved without significant performance
degradation through the use of a security decision
caching mechanism that ensures a consistent view of pol