ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A hardware architecture for controlling information flow
Full text PdfPdf (517 KB)
Source International Symposium on Computer Architecture archive
Proceedings of the 5th annual symposium on Computer architecture table of contents
Pages: 73 - 77  
Year of Publication: 1978
Authors
Harry J. Saal
Israel Gat
Sponsors
ACM: Association for Computing Machinery
IEEE-CS : Computer Society
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 12,   Downloads (12 Months): 27,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/800094.803030
What is a DOI?

ABSTRACT

The foundations of capability schemes are critically examined. The context free utilization of capabilities once acquired is shown to be inconsistent with both least privilege norm and information flow requirements. An enhanced Capability Vector mechanism which pre-confines the set of capabilities with which a given capability can be combined is proposed. It is shown that capability vectors dynamically define an information flow structure which is potentially more refined, flexible, and versatile than traditional information classification systems. Based on this property, a Generalized Capability Vector machine which enforces a controlled information flow policy is designed. The proposed machine supports programmable resources which are either statically or dynamically bound to an information class.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Bell, D.E. and LaPadula L.J., Secure Computer Systems: Unified Exposition and MULTICS Interpretation, ESD-TR-75-306, Electronic Systems Division, AFSC, Hanscom Field, Bedford, Mass. 01731, 1976.
 
2
Bernstein, A.J. and Quaynor N., Private Communication.
 
3
Denning, D.E., Denning, P.J. and Graham, G.S., Selectively Confined Subsystems, IRIA International Workshop on Protection in Operating Systems, Rocquencourt, August 1974, 55-61.
4
Jack B. Dennis , Earl C. Van Horn, Programming semantics for multiprogrammed computations, Communications of the ACM, v.9 n.3, p.143-155, March 1966  [doi>10.1145/365230.365252]
 
5
Dorothy Elizabeth Robling Denning, Secure information flow in computer systems., 1975
6
Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976  [doi>10.1145/360051.360056]
 
7
Fenton, J.S. Memoryless Subsystems, The Computer Journal 17,2 (May 1974), 143-147.
 
8
Fenton, J.S. An Abstract Computer Model Demonstrating Directional Information Flow, To appear in Theoretical Computer Science.
 
9
Gat, I. and Saal, H.J., Memoryless Execution: A Programmer's Viewpoint, Software Practice and Experience 6,4 (October- December 1976), 463-471.
 
10
Gat, I., Security Aspects of Computer Systems, Ph.D. Thesis, Technion- Israel Institute of Technology, Computer Science Department, 1976.
11
Anita K. Jones , Richard J. Lipton, The enforcement of security policies for computation, Proceedings of the fifth ACM symposium on Operating systems principles, p.197-206, November 19-21, 1975, Austin, Texas, United States
 
12
Lampson, B.W., Protection, Proc. Fifth Annual Princeton Conference on Information Sciences and Systems, March 1971, 437-443.
 
13
Saltzer, H.J. and Schroeder, M.D., Protection of Information in Computer Systems, Proceedings of the IEEE 63,9 (September 1975), 1278-1308.
 
14
M. D. Schroeder, COOPERATION OF MUTUALLY SUSPICIOUS SUBSYSTEMS IN A COMPUTER UTILITY, Massachusetts Institute of Technology, Cambridge, MA, 1972

CITED BY  6
G. J. Myers , B. R. S. Buckingham, A hardware implementation of capability-based addressing, ACM SIGARCH Computer Architecture News, v.8 n.6, p.12-24, October 1980
G. J. Myers , B. R. S. Buckingham, A hardware implementation of capability-based addressing, ACM SIGOPS Operating Systems Review, v.14 n.4, p.13-25, October 1980
G. Edward Suh , Jae W. Lee , David Zhang , Srinivas Devadas, Secure program execution via dynamic information flow tracking, ACM SIGPLAN Notices, v.39 n.11, November 2004
Neil Vachharajani , Matthew J. Bridges , Jonathan Chang , Ram Rangan , Guilherme Ottoni , Jason A. Blome , George A. Reis , Manish Vachharajani , David I. August, RIFLE: An Architectural Framework for User-Centric Information-Flow Security, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.243-254, December 04-08, 2004, Portland, Oregon
Charles R. Young, A security policy for a profile-oriented operating system, Proceedings of the May 4-7, 1981, national computer conference, May 04-07, 1981, Chicago, Illinois
Martin Dimitrov , Huiyang Zhou, Anomaly-based bug prediction, isolation, and validation: an automated approach for software debugging, ACM SIGPLAN Notices, v.44 n.3, March 2009

INDEX TERMS

Primary Classification:
  I. Computing Methodologies
  I.3 COMPUTER GRAPHICS
      I.3.1 Hardware architecture


General Terms:
Theory

Collaborative Colleagues:
Harry J. Saal: colleagues
Israel Gat: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player