Design and Implementation of Security OS: A Case Study

keywords: Security OS, security kernel, access control, cryptographic file system, PAM
The importance of a security operating system (OS) with security-enhancing mechanisms at the kernel level, such as a reference monitor and a cryptographic file system, has been increasingly emphasized as the weaknesses and limitations of user-level mechanisms have been revealed. However, a system that has only a reference monitor is vulnerable to a low-level detour or a physical attack. Likewise, when a system has only a cryptographic file system, the file system has difficulty protecting itself. To address these problems, we designed and developed a security OS with a reference monitor, a cryptographic file system, authentication limitation, and session limitation. Here we describe the model, its implementation, and its overheads.
reference: Vol. 27, 2008, No. 6, pp. 931–951