Issue No.06 - Nov.-Dec. (2012 vol.10)
pp: 26-35
Steve Lipner, Microsoft
Trent Jaeger, Pennsylvania State University
Mary Ellen Zurko, Cisco Systems
ABSTRACT
The authors take a look back at VAX/SVS, a high-assurance virtual machine monitor (VMM) project from the 1980s, extracting its most pertinent lessons, including reference monitor architectural principles, approaches to verifiable and tamperproof access control, the benefits of layering, the impacts of minimization and verification, and the reasons behind its cancellation.
INDEX TERMS
Virtual machines, Access control, Monitoring, Privacy, Virtual machining, Information security, Computer security, VMM, security kernels, verification, assurance, VAX/SVS, virtual machine monitor
CITATION
Steve Lipner, Trent Jaeger, Mary Ellen Zurko, "Lessons from VAX/SVS for High-Assurance VM Systems", IEEE Security & Privacy, vol.10, no. 6, pp. 26-35, Nov.-Dec. 2012, doi:10.1109/MSP.2012.87