Timothy E. Levin, Cynthia E. Irvine, Thuy D. Nguyen


We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.


  1. Alves-Foss, Jim and Taylor, Carol. An Analysis of the GWV Security Policy. In Proc. of Fifth International Workshop on the ACL2 Theorem Prover and its Applications (ACL2-2004). November 2004.
  2. Ames, B. Real-Time Software Goes Modular. Military & Aerospace Electronics. Vol 14, No. 9. pp24-29. Sept. 2003.
  3. Anderson, J.P. On the Feasibility of Connecting RECON to an External Network. Tech. Report, James P. Anderson Co.. March 1981.
  4. Boebert, W. E. and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. In Proc. of the National Computer Security Conference. Vol. 8, Num. 18 1985.
  5. Common Criteria Project Sponsoring Organizations (CCPSO). Common Criteria for Information Technology Security Evaluation. Version 3.0 Revision 2, CCIMB-2005-07-[001, 002, 003]. June 2005.
  6. Department of Defense (DOD). Trusted Computer System Evaluation Criteria. DoD 5200.28-STD, December 1985.
  7. Irvine, C. E., Levin, T. E., Nguyen, T. D., and Dinolt, G. W. The Trusted Computing Exemplar Project. Proc. of the 2004 IEEE Systems, Man and Cybernetics Information Assurance Workshop. West Point, NY, June 2004. pp. 109-115.
  8. Irvine, C. E., SecureCore Project. last accessed 8 April 2006. last modified 5 April 2006. http://cisr.nps.edu/projects/securecore.html.
  9. Kemmerer, R.A. A Practical Approach to Identifying Storage and Timing Channels. In Proc. of the 1982 IEEE Symposium on Security and Privacy. Oakland, CA. April 1982. pp. 66-73.
  10. Lampson, B. Protection. In Proc. of 5th Princeton Conference on Information Sciences. Princeton, NJ. 1971. Reprinted in Operating Systems Reviews, 8(1): 18-24, 1974.
  11. Levin, T. E., Irvine, C. E., Nguyen, T. D.. A Note on High Robustness Requirements for Separation Kernels. 6th International Common Criteria Conference (ICCC 05). September 28-29, 2005.
  12. Loscocco, P.A. Smalley, S.D. (2001). Meeting critical security objectives with Security-Enhanced Linux. In Proc. of the 2001 Ottawa Linux Symposium
  13. Millen, J.K. Covert Channel Capacity. Proc of the IEEE Symposium on Research in Security and Privacy. Oakland, CA. pp. 60-66. April 1987.
  14. National Security Agency (NSA). U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness. 1 July 2004. http://niap.nist.gov/pp/draft_pps/ pp_draft_skpp_hr_v0.621.html
  15. Nguyen, T. D., Levin, T. E., and Irvine, C. E.. High Robustness Requirements in a Common Criteria Protection Profile. Proceedings of the Fourth IEEE International Information Assurance Workshop. Royal Holloway, UK. April 2006
  16. Preparata, F. P., and Yeh, R.T.. Introduction to Discrete Structures for Computer Science and Engineering. Addison Wesley. Reading, MA. 1973.
  17. Reed, D.P., and Kanodia, R.K.. Synchronization with Eventcounts and Sequencers. Communications of the ACM.. 22(2):115-123. 1979.
  18. Rushby. J.. Design And Verification Of Secure Systems. Operating Systems Review. 15(5). 1981.
  19. Saltzer, J. H., and Schroeder, M. D.. The Protection of Information in Operating Systems. Proceedings of the IEEE. 63(9):1278-1308. 1975.

Paper Citation

in Harvard Style

E. Levin T., E. Irvine C. and D. Nguyen T. (2006). LEAST PRIVILEGE IN SEPARATION KERNELS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 355-362. DOI: 10.5220/0002100103550362

in Bibtex Style

author={Timothy E. Levin and Cynthia E. Irvine and Thuy D. Nguyen},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},

in EndNote Style

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
SN - 978-972-8865-63-4
AU - E. Levin T.
AU - E. Irvine C.
AU - D. Nguyen T.
PY - 2006
SP - 355
EP - 362
DO - 10.5220/0002100103550362