5th European Symposium on Research in Computer Security (ESORICS 98)
A Kernelized Architecture for Multilevel Secure Application Policies
Simon N. Foley
Keywords :
Abstract : Mandatory labed-based policies may be used to support a wide-range of application security requirements. Labels encode the security state of system entities and the security policy specifies how these labels may change. Building on previous results, this paper develops a model for a kernelized framework for supporting these policies. The framework provides the basis for, what is essentially, an interpreter of multilevel programs: programs that manipulate multilevel label data-structures. This enables application functionality and security concerns to be developed separately, bringing with it the advantages of a separation of concerns paradigm.
(Pages 33-49)