We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.
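As an added illustration (not code from the paper), the following Python model captures the two-layer policy the abstract describes: a coarse inter-block flow matrix plus an orthogonal, per-subject least-privilege policy on individual resources, where the kernel grants an access only if both layers permit it. Block, subject and resource names, and the policies themselves, are constructed for this example.

```python
"""Two-layer flow policy for a partitioned system (constructed example).

Layer 1: the traditional separation-kernel policy, allowed flow modes between
blocks (partitions). Layer 2: a finer-grained least-privilege policy that gives
each subject only the modes it needs on specific resources inside those blocks.
"""
from typing import Dict, FrozenSet, List, Tuple

Mode = str  # "r" = read, "w" = write

# Layer 1: (source block, destination block) -> permitted modes.
# A missing pair means no flow at all (e.g. lowside -> highside is denied).
BLOCK_POLICY: Dict[Tuple[str, str], FrozenSet[Mode]] = {
    ("guard", "guard"): frozenset("rw"),
    ("guard", "lowside"): frozenset("rw"),
    ("guard", "highside"): frozenset("rw"),
    ("lowside", "lowside"): frozenset("rw"),
    ("highside", "highside"): frozenset("rw"),
}

# Placement of subjects and resources in blocks (constructed).
SUBJECT_BLOCK = {"filter": "guard", "auditd": "guard", "editor": "lowside"}
RESOURCE_BLOCK = {"inbox": "lowside", "outbox": "highside", "log": "guard", "key": "guard"}

# Layer 2: subject -> {resource: modes that subject actually needs}.
SUBJECT_POLICY: Dict[str, Dict[str, FrozenSet[Mode]]] = {
    "filter": {"inbox": frozenset("r"), "outbox": frozenset("w"), "log": frozenset("w")},
    "auditd": {"log": frozenset("r")},
    "editor": {"inbox": frozenset("rw")},
}


def block_allows(subject: str, resource: str, mode: Mode) -> bool:
    """Coarse check: does the inter-block policy permit this flow mode?"""
    pair = (SUBJECT_BLOCK[subject], RESOURCE_BLOCK[resource])
    return mode in BLOCK_POLICY.get(pair, frozenset())


def subject_allows(subject: str, resource: str, mode: Mode) -> bool:
    """Fine-grained check: is the subject explicitly granted this mode on the resource?"""
    return mode in SUBJECT_POLICY.get(subject, {}).get(resource, frozenset())


def access_allowed(subject: str, resource: str, mode: Mode) -> bool:
    """Kernel decision: both layers must permit the access."""
    return block_allows(subject, resource, mode) and subject_allows(subject, resource, mode)


def refinement_violations() -> List[Tuple[str, str, Mode]]:
    """Configuration check: grants in layer 2 that exceed layer 1 (should be empty)."""
    return [(s, r, m) for s, res in SUBJECT_POLICY.items()
            for r, modes in res.items() for m in modes if not block_allows(s, r, m)]
```

The `auditd` case shows the enhanced protection: the block policy would let any guard subject touch `key`, but the least-privilege layer confines `auditd` to reading `log`.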
Levin, T. E., Irvine, C. E., & Nguyen, T. D. (2008). Least privilege in separation kernels. In Communications in Computer and Information Science (Vol. 9, pp. 146–157). Springer Verlag. https://doi.org/10.1007/978-3-540-70760-8_12