Issue No. 03 - May (1983 vol. 9)
G.H. MacEwen , Department of Computing and Information Science, Queen's University
This paper describes the design of a prototype experimental secure operating system kernel called xs1 that supports compile-time enforcement of an information flow policy. The security model chosen is an extension of Feiertag's model, modified to state its requirements in terms of program analysis functions. A prototype flow analyzer for Pascal programs, based on Denning's model, has been designed and implemented for incorporation into xs1. In addition, a flow analyzer based on London's model has also been designed and implemented. Both kinds of enforcement are supported in xs1. Both program analyzers use an intermediate-code program representation originally designed for code optimization. The flow analyzers are implemented in Euclid, with the remainder of xs1 in Pascal.
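The abstract names Denning's model as the basis of the Pascal flow analyzer. The following added example (not code from the paper or from xs1, and using a toy statement language, a powerset lattice of compartments and variable names that are all constructed here) shows the core of Denning-style compile-time certification: every assignment must satisfy join(classes read, control context) <= class(target), where the control context is raised inside each conditional or loop so that implicit flows through guards are caught as well as explicit flows through assignments.

```python
"""Denning-style compile-time information flow certification.

Illustrative example only: this is not the xs1 analyzer described in the
paper. Security classes are sets of compartments (a powerset lattice):
join is set union, and class a may flow to class b iff a is a subset of b.
Incomparable classes (e.g. {"NUC"} and {"CRYPTO"}) cannot flow either way.
"""

from dataclasses import dataclass, field


def join(*classes):
    """Least upper bound in the powerset lattice (set union); bottom is {}."""
    return frozenset().union(*classes)


def leq(a, b):
    """True iff information of class a is permitted to flow to class b."""
    return a <= b


# Tiny AST for a toy imperative language (constructed for this example).
@dataclass
class Assign:
    target: str      # variable written
    sources: tuple   # variable names read by the right-hand side


@dataclass
class If:
    guard: tuple     # variable names read by the condition
    then: list
    else_: list = field(default_factory=list)


@dataclass
class While:
    guard: tuple
    body: list


def certify(program, classes, pc=frozenset()):
    """Return a list of flow violations; an empty list means 'certified'.

    `classes` maps variable name -> security class (frozenset of compartments).
    `pc` is the class of the current control context; it is raised to include
    the guard's class on entry to each branch or loop body, which is how
    implicit flows (out := 0 inside `if secret`) are detected.
    """
    violations = []
    for stmt in program:
        if isinstance(stmt, Assign):
            source_class = join(pc, *(classes[v] for v in stmt.sources))
            if not leq(source_class, classes[stmt.target]):
                violations.append(
                    f"{sorted(source_class)} flows into {stmt.target} "
                    f"(class {sorted(classes[stmt.target])})")
        elif isinstance(stmt, If):
            inner_pc = join(pc, *(classes[v] for v in stmt.guard))
            violations += certify(stmt.then, classes, inner_pc)
            violations += certify(stmt.else_, classes, inner_pc)
        elif isinstance(stmt, While):
            inner_pc = join(pc, *(classes[v] for v in stmt.guard))
            violations += certify(stmt.body, classes, inner_pc)
        else:
            raise TypeError(f"unknown statement {stmt!r}")
    return violations


# Constructed variable classification for the sample programs below.
CLASSES = {
    "secret": frozenset({"NUC"}),
    "h": frozenset({"NUC"}),
    "c": frozenset({"CRYPTO"}),
    "both": frozenset({"NUC", "CRYPTO"}),
    "out": frozenset(),
    "tmp": frozenset(),
}

# Explicit flow: out := secret
EXPLICIT_LEAK = [Assign("out", ("secret",))]

# Implicit flow: if secret then out := 1 else out := 0  (one violation per branch)
IMPLICIT_LEAK = [If(("secret",), [Assign("out", ())], [Assign("out", ())])]

# Incomparable classes: h := c  (CRYPTO data into a NUC-only variable)
CROSS_COMPARTMENT = [Assign("h", ("c",))]

# Certified: data only ever flows upward in the lattice.
SAFE = [
    Assign("h", ("secret", "tmp")),
    Assign("both", ("c", "secret")),
    If(("tmp",), [Assign("out", ("tmp",))]),
    While(("secret",), [Assign("h", ("h",))]),
]

if __name__ == "__main__":
    for name, prog in [("explicit", EXPLICIT_LEAK), ("implicit", IMPLICIT_LEAK),
                       ("cross", CROSS_COMPARTMENT), ("safe", SAFE)]:
        print(f"{name}: {certify(prog, CLASSES) or 'certified'}")
```

The check is purely static: no program is executed, and a rejected program is one the kernel would refuse to run rather than one caught leaking at runtime. Denning's original treatment also handles procedure calls and termination channels, which this sketch leaves out.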
system design, access control, information flow, modularization, operating systems, security, software engineering
G. MacEwen, "The Design for a Secure System Based on Program Analysis," in IEEE Transactions on Software Engineering, vol. 9, no. 3, pp. 289-299, 1983.