Open AccessSecurity policy concepts for microprocessor-based systems
Author(s) -
Robert M Axline,
Richard C Ormesher
Publication year - 1989
Publication title -
osti oai (u.s. department of energy office of scientific and technical information)
Language(s) - English
Resource type - Reports
DOI - 10.2172/6138632
Subject(s) - executable , computer science , microprocessor , block (permutation group theory) , process (computing) , security policy , transfer (computing) , embedded system , computer hardware , access control , operating system , geometry , mathematics
This report presents security policies for microprocessor-based systems and gives an example of how to enforce these policies, using an independent, hardware-based monitor, in a hypothetical single-processor system. The purpose of these policies is to detect erroneous behavior of the microprocessor system and to guarantee that accesses (read, write, or execute), by executable procedures,to the various system resources (other procedure, data areas, and peripheral ports) are in accordance with rules that are defined precisely and completely. We present the main result of our research as a ''Second-Order Security Policy'', which describes a segmentation of system resources into a number of ''Blocks'' and defines access rights of each ''Process Block'' to all Blocks in the system. The hardware-monitor example is a conceptual design of an independent monitor that we believe can be built to enforce the second-order policy in real time. This approach will be effective in preventing erroneous accesses to data structures and peripherals and in detecting errors in the transfer of program control from Block to Block. 9 refs., 11 figs., 3 tabs.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom