
   
Polyinstantiation Support


  
Figure: Polyinstantiation in Flask. A client requests the creation of a new object from an object manager, and the microkernel supplies the object manager with the SID of the client. The object manager sends a request for a SID for the member object to the security server, with the SID of the client, the SID of the polyinstantiated object and the object type as parameters. The security server consults the polyinstantiation rules in the policy logic, determines a security context for the member, and returns a SID that corresponds to that security context. Finally, the object manager selects a member based on the returned SID, and creates the object as a child of the member.

A security policy may need to restrict the sharing of a fixed resource among clients by polyinstantiating the resource and partitioning the clients into sets which can share the same instantiation of the resource. For example, multi-level secure Unix systems frequently partition the /tmp directory, maintaining separate subdirectories for each security level [51]; the corresponding solution for Flask is discussed in Section A.1. A similar issue arises with the TCP or UDP port spaces, as discussed in Section A.2. The Flask architecture supports polyinstantiation by providing an interface by which the security server may identify which instantiation can be accessed by a particular client. Both the client and the instance are identified by SIDs. The instantiations are referred to as members. The general sequence of selecting a member is depicted in Figure 4.
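The member-selection sequence described above, as an added C sketch; it is not code from the Flask paper or system. The function names, the `type:level` context strings, the rule itself (a member takes the polyinstantiated object's type and the client's level) and the `/tmp/.member-N` path layout are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model: every name, context string and rule here is an assumption. */
typedef unsigned sec_id;                 /* SID; 0 means "no SID" */
enum { CLASS_DIR = 1, MAX_SIDS = 16, CTX_LEN = 32 };
static char contexts[MAX_SIDS][CTX_LEN]; /* security server: SID-1 -> "type:level" */
static sec_id nsids;

/* Security server: map a context to its SID, allocating on first use. */
sec_id context_to_sid(const char *ctx) {
    for (sec_id i = 0; i < nsids; i++)
        if (strcmp(contexts[i], ctx) == 0) return i + 1;
    if (nsids == MAX_SIDS || strlen(ctx) >= CTX_LEN) return 0;
    strcpy(contexts[nsids], ctx);
    return ++nsids;
}

/* Security server: polyinstantiation rule for directories (constructed):
   member context = type of the polyinstantiated object + level of the client. */
sec_id ss_member_sid(sec_id client, sec_id poly, int tclass) {
    if (tclass != CLASS_DIR || !client || !poly || client > nsids || poly > nsids)
        return 0;
    const char *type = contexts[poly - 1];
    const char *level = strchr(contexts[client - 1], ':');
    const char *type_end = strchr(type, ':');
    char ctx[2 * CTX_LEN];
    if (!level || !type_end) return 0;
    snprintf(ctx, sizeof ctx, "%.*s%s", (int)(type_end - type), type, level);
    return context_to_sid(ctx);
}

/* Object manager: select the member directory for a client, failing closed. */
int om_member_path(sec_id client, sec_id poly, char *out, size_t n) {
    sec_id member = ss_member_sid(client, poly, CLASS_DIR);
    if (member == 0) return -1;
    snprintf(out, n, "/tmp/.member-%u", member);
    return 0;
}

int main(void) {
    char path[64];
    sec_id tmp = context_to_sid("tmp_t:unclassified");
    sec_id client = context_to_sid("user_t:secret");
    if (om_member_path(client, tmp, path, sizeof path) == 0)
        printf("new objects for SID %u are created under %s\n", client, path);
    return 0;
}
```

Clients that share a SID resolve to the same member, and a SID the security server does not know yields no member at all, so the object manager refuses the request instead of falling back to a shared instance.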


Stephen D. Smalley
1999-07-13