Security kernels


How do you decide whether to include a mechanism in a security kernel or
not?  Policy?  Is it based on trade-offs or kernel design, ...?  Anyone
who has a good reference for this?

So far I read some things about security kernels in general, but not
about how to decide what to include and what not.

Thanks in advance,

Re: Security kernels

Well yeah, first you establish the security policy you want, then you
implement it within the kernel. As to mechanisms, that term means different
things to different people. I myself use the term e.g. access control
mechanism ... but I'm an old guy, eh. Maybe go to the SE Linux site. Lots of good stuff there, as in look into its
policy and how it's implemented ... imo.


Re: Security kernels


A security kernel should include ONLY the elements that provide the base
required to implement the security for your system. One example is the
virtualization of your physical memory, especially if this will be used in
enforcement. Another is the fundamental access mechanism
for your external storage and communication elements, e.g., disk, tape,
network, and terminal.

If memory and communications can be protected from snooping, then
cryptography and any non-essential functions can be modularized and kept out
of the security kernel.

In general, keep everything possible OUT OF the security kernel.

See for example the University of Utah work.
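A sketch of the split this reply describes, added here as an example and not code from the thread or from any of the cited projects: the "security kernel" is only the reference monitor (mediation plus a data-driven policy), the device access paths for disk/network/terminal call through it, and cryptography sits outside. The policy chosen (Bell-LaPadula style "no read up / no write down" on integer levels), the object names, `hashlib` standing in for a crypto module, and the in-memory dict standing in for real devices are all assumptions made for illustration. It runs as a plain Python script.

```python
"""Minimal security-kernel sketch: a reference monitor that mediates every
access to storage/communication objects. Everything outside SecurityKernel is
untrusted by design; in a real system the boundary must be enforced by memory
virtualization (hardware), which a Python module cannot provide."""
from dataclasses import dataclass
from enum import Enum
import hashlib  # stand-in for a crypto module kept OUT of the kernel


class Op(Enum):
    READ = "read"
    WRITE = "write"


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: int  # assumed: higher number = more sensitive


@dataclass(frozen=True)
class Obj:
    name: str  # e.g. "disk0", "net0", "tty1" (constructed names)
    level: int


class AccessDenied(PermissionError):
    pass


class SecurityKernel:
    """The only code that decides access. Policy is a small pure function of
    labels, so the kernel stays tiny and the policy can be reviewed separately."""

    def __init__(self, objects):
        self._objects = {o.name: o for o in objects}
        self.audit = []  # (subject, object, op, allowed)

    def _policy(self, s: Subject, o: Obj, op: Op) -> bool:
        # Assumed BLP-style rules: simple security (no read up) and the
        # *-property (no write down). Anything else is denied by default.
        if op is Op.READ:
            return s.clearance >= o.level
        if op is Op.WRITE:
            return s.clearance <= o.level
        return False

    def check(self, subject: Subject, obj_name: str, op: Op) -> Obj:
        obj = self._objects[obj_name]  # unknown object -> KeyError, fail closed
        allowed = self._policy(subject, obj, op)
        self.audit.append((subject.name, obj_name, op.value, allowed))
        if not allowed:
            raise AccessDenied(f"{subject.name} {op.value} {obj_name}")
        return obj


class Storage:
    """Device wrapper outside the kernel: every read/write is mediated first.
    _blocks is a constructed in-memory stand-in for disk/network/terminal."""

    def __init__(self, kernel: SecurityKernel):
        self._kernel = kernel
        self._blocks = {}

    def write(self, subject: Subject, obj_name: str, data: bytes) -> None:
        self._kernel.check(subject, obj_name, Op.WRITE)
        self._blocks[obj_name] = data

    def read(self, subject: Subject, obj_name: str) -> bytes:
        self._kernel.check(subject, obj_name, Op.READ)
        return self._blocks.get(obj_name, b"")


def seal(data: bytes) -> bytes:
    """Non-essential function kept out of the kernel: prepend an integrity tag.
    sha256 is a stand-in; a real design would use a MAC keyed outside the TCB."""
    return hashlib.sha256(data).digest() + data


def demo() -> dict:
    """Exercise the monitor with two subjects; returns outcomes for checking."""
    kernel = SecurityKernel([Obj("disk0", 0), Obj("net0", 1), Obj("tty1", 2)])
    store = Storage(kernel)
    alice = Subject("alice", 2)
    bob = Subject("bob", 0)
    out = {}
    store.write(alice, "tty1", seal(b"hello"))  # level 2 == clearance 2: ok
    out["alice_read_disk0"] = store.read(alice, "disk0") == b""  # read down ok
    try:
        store.read(bob, "tty1")  # read up: must be denied
        out["bob_read_tty1"] = True
    except AccessDenied:
        out["bob_read_tty1"] = False
    try:
        store.write(alice, "disk0", b"leak")  # write down: must be denied
        out["alice_write_disk0"] = True
    except AccessDenied:
        out["alice_write_disk0"] = False
    out["audit_len"] = len(kernel.audit)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the layout is what the reply argues: the kernel is the two classes that decide and mediate, the policy is data that can be swapped without touching mediation, and the sealing/crypto step never needs kernel privilege because the kernel already controls who can reach the device.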
