A Domain and Type Enforcement UNIX Prototype
Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, and Sheila A. Haghighat, Trusted Information Systems, Inc.
UNIX system security today often relies on correct operation of numerous privileged subsystems and careful attention by expert system administrators. In the context of global and possibly hostile networks, these traditional UNIX weaknesses raise a legitimate question about whether UNIX systems are appropriate platforms for processing and safeguarding important information resources. Domain and Type Enforcement (DTE) is an access control technology for partitioning host operating systems such as UNIX into access control domains. Such partitioning has promise both to enforce organizational security policies that protect special classes of information and to generically strengthen operating systems against penetration attacks. This paper reviews the primary DTE concepts, discusses their application to IP networks and NFS, and then describes the design and implementation of a DTE UNIX prototype system.
author = {Lee Badger and Daniel F. Sterne and David L. Sherman and Kenneth M. Walker and Sheila A. Haghighat},
title = {A Domain and Type Enforcement {UNIX} Prototype},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/domain-and-type-enforcement-unix-prototype},
publisher = {USENIX Association},
month = jun
}