Abstract

This paper introduces a state machine model for trusted processes that makes explicit use of the notion of locking part of the state space in order to allow privileged actions to overlap. It controls the interaction between overlapping actions by restricting the events that can change the locks, using the locks to restrict which events can change which parts of the state space, and preventing the initiation of actions that would interfere with currently executing ones.

Date

January 1, 1970

Authors

Terry C Vickers Benzel

Journal

position paper, Seventh Annual Computer Security Applications Conference