The Inevitability of Failure: The Flawed Assumption of Security in
Modern Computing Environments
Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell (National Security Agency)
tos@epoch.ncsc.mil
http://www.cs.utah.edu/flux/flask/
Abstract
Although public awareness of the need for security in computing systems
is growing rapidly, current efforts to provide security are unlikely to
succeed. Current security efforts suffer from the flawed assumption
that adequate security can be provided in applications with the
existing security mechanisms of mainstream operating systems. In
reality, the need for secure operating systems is growing in today's
computing environment due to substantial increases in connectivity and
data sharing. The goal of this paper is to motivate a renewed interest
in secure operating systems so that future security efforts may build
on a solid foundation. This paper identifies several secure operating
system features which are lacking in mainstream operating systems,
argues that these features are necessary to adequately protect general
application-space security mechanisms, and provides concrete examples
of how current security solutions are critically dependent on these
features.
The full paper (available in HTML, PostScript, and PDF) appears in the Proceedings of the 21st National Information Systems Security Conference, pages 303-314, October 1998.
Slides and Notes
from the presentation.