Abstract

Abstract Trusted Mach (TMach¹) is a trusted operating system with a type extensible framework supporting a client/sever architecture. The TCB implements the type framework and provides trusted system services within it. The framework is extensible: untrusted client software can define and implement new types using the same underlying microkernel mechanisms that the TCB uses to implement its types. To client software there is no visible difference between objects implemented by the TCB and objects of untrusted application servers. From a TCB modeling point of view, however, the difference between these two kinds of objects is critical. The definition of the subjects and security-objects of the system extends the TCSEC paradigm to encompass the system's extensibility. The paper presents an overview of TMach, a definition of its subjects and security-objects and an account of the assurance of the system as related to the type-based client/server architecture.

Date

1996

Authors

Terry C Vickers Benzel, E John Sebes, Homayoon Tajalli

Journal

Proceedings of the 18th National Information Systems Security Conference

Pages

83-99