Skip to main content
SpringerLink
Log in

Covert Channel Analysis of the Password-Capability System

  • Conference paper
Book cover Advances in Computer Systems Architecture (ACSAC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3740))

Included in the following conference series:

Abstract

The Password-Capability System is a compact operating system with an access control mechanism based on password-capabilities. We show that the system is able to support several security paradigms which solve real-world problems not adequately addressed by conventional operating systems such as Windows and Unix. We show also that these paradigms are only effective if the system is free from covert channels. To this end, we carry out a covert channel analysis of the system and outline the elimination of all channels found.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Dennis, J.B., Van Horn, E.C.: Programming semantics for multiprogrammed computations. Communications of the ACM 9, 143–155 (1966)

    Article  MATH  Google Scholar 

  2. Myers, G.J., Buckingham, B.R.S.: A hardware implementation of capability-based addressing. ACM SIGARCH Computer Architecture News 8, 12–24 (1980)

    Article  Google Scholar 

  3. Keedy, J.L., Espenlaub, K., Hellman, R., Pose, R.D.: SPEEDOS: How to achieve high security and understand it. In: Proceedings of CERT Conf. 2000, Omaha, Nebraska, USA (2000)

    Google Scholar 

  4. Abramson, D.A., Rosenberg, J.: The microarchitecture of a capability-based computer. In: Proceedings of the 19th annual workshop on Microprogramming, New York, USA, pp. 138–145 (1986)

    Google Scholar 

  5. Cohen, E., Jefferson, D.: Protection in the Hydra operating system. In: Proceedings of the Fifth ACM Symposium on Operating System Principles, pp. 141–160. ACM Press, New York (1975)

    Chapter  Google Scholar 

  6. Jones, A.K.: Capability architecture revisited. Operating Systems Review 14, 33–35 (1980)

    Article  Google Scholar 

  7. Mossop, D., Pose, R.: Semantics of the Password-Capability System. In: Proceedings of the IADIS International Conference, Applied Computing 2005, vol. 1, pp. 121–128 (2005)

    Google Scholar 

  8. Castro, M.D.: The Walnut Kernel: A Password-Capability Based Operating System. PhD thesis, Monash University (1996)

    Google Scholar 

  9. Wallace, C.S., Pose, R.D.: Charging in a secure environment. In: Security and Persistence, pp. 85–97. Springer, Heidelberg (1990)

    Google Scholar 

  10. Anderson, M., Wallace, C.S.: Some comments on the implementation of capabilities. The Australian Computer Journal 20, 122–130 (1988)

    Google Scholar 

  11. Anderson, M., Pose, R.D., Wallace, C.S.: A password-capability system. The Computer Journal 29, 1–8 (1986)

    Article  Google Scholar 

  12. Heiser, G., Elphinstone, K., Vochteloo, J., Russell, S., Liedtke, J.: The Mungi single-address-space operating system. Software Practice and Experience 28, 901–928 (1998)

    Article  Google Scholar 

  13. Vochteloo, J.: Design, Implementation and Performance of Protection in the Mungi Single-Address-Space Operating System. PhD thesis, University of NSW, Sydney 2052, Australia (1998)

    Google Scholar 

  14. Vochteloo, J., Elphinstone, K., Russell, S., Heiser, G.: Protection domain extensions in Mungi. In: Proceedings of the 5th IEEE International Workshop on Object Orientation in Operating Systems, Seattle, WA, USA (1996)

    Google Scholar 

  15. Vochteloo, J., Russell, S., Heiser, G.: Capability-based protection in the Mungi operating system. In: Proceedings of the 3rd IEEE International Workshop on Object Orientation in Operating Systems, Asheville, NC, USA (1993)

    Google Scholar 

  16. Chase, J.S., Baker-Harvey, M., Levy, H.M., Lazowska, E.D.: Opal: A single address space system for 64-bit architectures. In: Proceedings of the Third Workshop on Workstation Operating Systems, pp. 80–85. ACM Press, New York (1992)

    Chapter  Google Scholar 

  17. Lampson, B.W.: A note on the confinement problem. Communications of the ACM 16, 613–615 (1973)

    Article  Google Scholar 

  18. NCSC. A guide to understanding covert channel analysis of trusted systems. Technical Report NCSC-TG-030, National Computer Security Center (1993)

    Google Scholar 

  19. Tsai, C.R., Gligor, V.D., Chandersekaran, C.: A formal method for the identification of covert storage channels in source code. IEEE Transactions on Software Engineering 16, 569–580 (1990)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Software Engineering, Monash University, Clayton, Victoria, 3800, Australia

    Dan Mossop & Ronald Pose

Authors
  1. Dan Mossop
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ronald Pose
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for High Performance Embedded Systems, School of Computer Engineering, Nanyang Technological University, 639798, Singapore

    Thambipillai Srikanthan

  2. National ICT, Australia

    Jingling Xue

  3. Centre for High Performance Embedded Systems, Nanyang Technological University, 639798, Singapore

    Chip-Hong Chang

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mossop, D., Pose, R. (2005). Covert Channel Analysis of the Password-Capability System. In: Srikanthan, T., Xue, J., Chang, CH. (eds) Advances in Computer Systems Architecture. ACSAC 2005. Lecture Notes in Computer Science, vol 3740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11572961_53

Download citation

  • DOI: https://doi.org/10.1007/11572961_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29643-0

  • Online ISBN: 978-3-540-32108-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation