Abstract
The Password-Capability System is a compact operating system with an access control mechanism based on password-capabilities. We show that the system is able to support several security paradigms which solve real-world problems not adequately addressed by conventional operating systems such as Windows and Unix. We show also that these paradigms are only effective if the system is free from covert channels. To this end, we carry out a covert channel analysis of the system and outline the elimination of all channels found.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mossop, D., Pose, R. (2005). Covert Channel Analysis of the Password-Capability System. In: Srikanthan, T., Xue, J., Chang, CH. (eds) Advances in Computer Systems Architecture. ACSAC 2005. Lecture Notes in Computer Science, vol 3740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11572961_53
DOI: https://doi.org/10.1007/11572961_53
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29643-0
Online ISBN: 978-3-540-32108-8
eBook Packages: Computer Science (R0)