An overview of NGSCB

Trusted Computing

Volumn , Issue , 2005, Pages 115-142

  Peinado, Marcus ^a   England, Paul ^a   Chen, Yuqun ^a  

^a NONE

Author keywords

Commercial OS; Complex device drivers; Computer viruses; Desktop operating system; Driver bugs; Email viruses; Network intrusions; NGSCB; Operating systems (computers); Program debugging; Security vulnerabilities; Software architecture

Indexed keywords

COMPLEX NETWORKS; COMPUTER DEBUGGING; COMPUTER NETWORKS; COMPUTER VIRUSES; ELECTRONIC MAIL; NETWORK SECURITY; PROGRAM DEBUGGING; QUALITY ASSURANCE; SECURITY OF DATA; SOFTWARE ARCHITECTURE; STANDARDS;

COMPLEX DEVICE DRIVERS; DESKTOP OPERATING SYSTEMS; DRIVER BUGS; EMAIL VIRUS; NETWORK INTRUSIONS; NGSCB; SECURITY VULNERABILITIES;

COMPUTER OPERATING SYSTEMS;

EID: 85013587012     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1049/PBPC006E_ch4     Document Type: Chapter

References (47)

1. B. Lampson. Computer security in the real world, 2000. http://www.research.microsoft.com/lampson/64-SecurityInRealWorld/Abstract.html.
2. T. Berson and G. Barksdale. KSOS - a development methodology for a secure operating system. In Proceedings of the 1979 AFIPS National Computer Conference, pp. 365-371. AFIPS Press, Montvale, NJ, 1979.
3. R. Schell, T. Tao, and M. Heckman. Designing the GEMSOS security kernel for security and performance. In Proceedings of the 8th DoD/NBS Computer Security Conference, pp. 108-119, 1985.
4. L. Fraim. Scomp: a solution to the multilevel security problem. IEEE Computer, 16:26-34, July 1983.
5. DOD, Washington, DC. Department of Defense Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, December 1985.
6. NIST. Common Criteria for Information Technology Security Evaluation, version 2.1 edition, August 1999. http://www.commoncriteriaportal.org/public/files/ccpart1V2.2.pdf
7. B. Pfitzmann, J. Riordan, C. Stüble, M. Waidner, and A. Weber. The Perseus system architecture. Technical Report, IBM Research Division, 2001.
8. D. Engler, M. F. Kaashoek, and J. O’Toole, Jr. Exokernel: an operating system architecture for application-level resource management. In Proceedings of the 15th Symposium on Operating Systems Principles (SOSP’95), Operating Systems Review, pp. 251-266. ACM Press, New York, 1995.
9. T. Garfinkel, M. Rosenblum, and D. Boneh. Flexible OS support and applications for trusted computing. In Proceedings of the 9th USENIXWorkshop on Hot Topics in Operating Systems (HotOS-IX), pp. 145-150. USENIX, Berkeley, CA, 2003.
10. J. Robin and C. Irvine. Analysis of the Intel Pentium’s ability to support a secure virtual machine monitor. In Proceedings of the 9th USENIX Security Symposium (SECURITY-00), pp. 129-144. The USENIX Association, Berkeley, CA, 2000.
11. G. Popek and R. Goldberg. Formal requirements for virtualizable third generation architectures. Communications of the ACM, 17(7):412-421, 1974.
12. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the 19th Symposium on Operating Systems Principles (SOSP’03), pp. 164-177. ACM Press, New York, 2003.
13. Y. Chen, P. England, M. Peinado, and B. Willman. High assurance computing on open hardware architectures. Technical Report MSR-TR-2003-20, Microsoft Research, 2003.
14. R. Parmelee, T. Peterson, C. Tillman, and D. Hatfield. Virtual storage and virtual machine concepts. IBM Systems Journal, 11(2):99-130, 1972.
15. B. Lampson. Protection. ACM Operating Systems Review, 8(1):18-24, 1974.
16. H. Härtig. Security architectures revisited, 2002. http://os.inf.tudresden. de/papers_ps/secarch.pdf.
17. eTestingLab. Business Winstone 2002 and Multimedia Content Creation Winstone 2002, 2002. http://www.winstone.com.
18. Trusted Computing Group. TCG TPM specification version 1.2. http://www.trustedcomputinggroup.org, 2004.
19. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems, 10:265-310, November 1992.
20. M. Bellare and C. Namprempre. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In Proceedings of the Advances in Cryptology - Asiacrypt’00, pp. 531-545. Springer-Verlag, Berlin, 2000.
21. H. Krawczyk. The order of encryption and authentication for protecting communication (or: how secure is SSL?). In Proceedings of Advances in Cryptology (Crypto 2001), pp. 310-331. Springer-Verlag, Berlin, 2001.
22. A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL, 1997.
23. R. Needham and M. Schroeder. Using encryption and authentication in large networks of computers. Communications of the ACM, 21:993-999, 1978.
24. M. Beller and Y. Yacobi. Fully-fledged two-way public key authentication and key management for low-cost terminals. Electronics Letters, 29:999-1001, 1993.
25. ISO/IEC 9798-3. Information technology - Security techniques - Entity authentication mechanisms - Part 3: mechanisms using digital signature techniques, 1998.
26. ISO/IEC 9594-8. Information technology - Open systems interconnection - The directory: public-key and attribute certificate frameworks, 2001.
27. E. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132-145. ACM Press, New York, 2004.
28. H. Härtig, M. Hohmuth, J. Liedtke, S. Schönberg, and J.Wolter. The performance of µ-kernel-based systems. In Proceedings of the 16th Symposium on Operating Systems Principles (SOSP’97), pp. 66-77. ACM Press, New York, 1997.
29. J. Shapiro, J. Smith, and D. Faber. EROS: a fast capability system. In Proceedings of the 17th Symposium on Operating Systems Principles (SOSP-99), Operating Systems Review, pp. 170-185. ACM Press, New York, 1999.
30. P. Karger, M. Zurko, D. Bonin, A. Mason, and C. Kahn. A restrospective on the VAX VMM security kernel. IEEE Transactions on Software Engineering, 17(11):1147-1165, November 1991.
31. D. Bell and L. La Padula. Secure computer systems: mathematical foundations and model. Technical Report M74-244, Mitre Corporation, 1975.
32. P. Biddle, P. England, M. Peinado, and B. Willman. The Darknet and the future of content protection. In Proceedings of the 2nd ACM CCS Workshop on Digital Rights Management, pp. 155-176. Springer-Verlag, Berlin 2002.
33. C.Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security modules: general security support in the Linux kernel. In Proceedings of the 11th USENIX Security Symposium, USENIX, Berkeley, CA, 2002.
34. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtualmachine based platform for trusted computing. In Proceedings of the 19th Symposium on Operating Systems Principles (SOSP’03), pp. 193-206. ACM Press, New York, 2003.
35. A. Whitaker, M. Shaw, and S. Gribble. Scale and performance in the Denali isolation kernel. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI’02), pp. 195-209. USENIX, Berkeley, CA, 2002.
36. W. A. Arbaugh, D. J. Faber, and J. M. Smith.Asecure and reliable bootstrap architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 65-71. IEEE Computer Society, Los Alamites, CA, 1997.
37. N. Itoi, W. A. Arbaugh, S. J. Pollack, and D. M. Reeves. Personal secure booting. InV.Varadharajan andY. Mu, eds, Proceedings of 6th Australasian Conference on Information Security and Privacy (ACISP 2001), pp. 130-144. Springer-Verlag, Berlin, 2001.
38. B. Yee. Using Secure Coprocessors. Ph.D. thesis, Carnegie Mellon University, 1994.
39. S. W. Smith, E. R. Palmer, and S. Weingart. Using a high-performance, programmable secure coprocessor. In Proceedings of the Second International Conference on Financial Cryptography, pp. 73-89. Springer-Verlag, Berlin, 1998.
40. S. W. Smith and V. Austel. Trusting trusted hardware: towards a formal model for programmable secure coprocessors. In Proceedings of the Third USENIXWorkshop on Electronic Commerce, pp. 83-98. USENIX, Berkeley, CA, 1998.
41. S.W. Smith and S.Weingart. Building a high-performance, programmable secure coprocessor. Computer Networks, 31(8):831-860, April 1999.
42. P. Johns. Signing and marking Active X controls. In Developer Network News, 1996. http://msdn.microsoft.com/library/default.asp?url =library/ends/dnaxctrl/html/msdn_signmark.asp
43. D.Wallach, D. Balfanz, D. Dean, and E. Felten. Extensible security architectures for Java. Technical Report 546-97, Princeton University, Princeton, NJ, 1997.
44. R. Grimm and B. Bershad. Access control in extensible systems. Technical Report UW-CSE-97-11-01, University of Washington, 1997.
45. A. Fraser. File integrity in a disk-based multi-access system. In C. A. R. Hoare and R. H. Perrot, eds, Operating Systems Techniques. Academic Press, 1972.
46. P. England and M. Peinado. Authenticated operation of open computing devices. In Proceedings of 2002 Australian Conference on Information Security and Privacy (ACISP 2002), pp. 346-361. Springer-Verlag, Berlin, 2002.
47. E. Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system.ACMTransactions on Computer Systems, 12(1):3-32, February 1994.