A master's thesis from Aalborg University
The LINK Operating System Architecture and Security Model

Author

Term

4. term

Publication year

2007

Abstract

LINK Is Not a Kernel (LINK) is a new operating system architecture for IA-32 (x86) computers. Instead of a single kernel, the operating system's work is split across multiple cooperating system services. On x86, privilege levels range from 0 (most privileged) to 3 (least privileged). In LINK, all system services run at level 3 except one: the task switcher, which runs at level 0 to perform context switches (switching the CPU between tasks). The thesis introduces a new security model built on hierarchically named capabilities (permissions organized in a tree-like naming scheme). The model is formally analyzed, with proofs that it supports reasoning about access control and information flow. It is also proved that the LINK security model can simulate the Unix user-group security model.

[This abstract was generated with the help of AI]