Summary: The Flask Security Architecture: System Support for Diverse Security Policies
Ray Spencer Secure Computing Corporation
Stephen Smalley, Peter Loscocco National Security Agency
Mike Hibler, David Andersen, Jay Lepreau University of Utah
http://www.cs.utah.edu/flux/flask/
Abstract
Operating systems must be flexible in their support
for security policies, providing sufficient mechanisms for
supporting the wide variety of real-world security policies.
Such flexibility requires controlling the propagation
of access rights, enforcing fine-grained access rights
and supporting the revocation of previously granted access
rights. Previous systems are lacking in at least one
of these areas. In this paper we present an operating
system security architecture that solves these problems.
Control over propagation is provided by ensuring that
the security policy is consulted for every security decision.
This control is achieved without significant performance
degradation through the use of a security decision
caching mechanism that ensures a consistent view of pol-