Author
V. D. Gligor,J. C. Huskamp,S. R. Welke,C. J. Linn,W. T. Mayfield
Abstract
This paper, through the use of a "traditional" capability-based system model, is
intended to clarify the role of capabilities in supporting different security
policies. In particular, the ability of these "traditional" systems to meet the
Trusted Computer Security Evaluation Criteria [TCSEC83] is analyzed. The paper
is further intended to be used as a background reference by the National
Computer Security Center (NCSC) Product Evaluation Teams when they are involved
in the evaluation of new capability-based products.
The authors have assumed that the readers of this paper are computer professionals
(e.g., NCSC Product Evaluation Team members or designers of computer operating
systems) who are well versed in data structures, operating system principles,
and operating system architectures, and who are also relatively familiar with
security concepts and models.
Virgil Gligor from the University of Maryland served as principal researcher.
Many other individuals also have contributed to the production of this paper.
We wish to acknowledge the assistance of Dan Nesset, Lawrence Livermore Labs;
Richard Kain, University of Minnesota; Norman Hardy, Susan Rajunas, et. al.,
of Keylogic, Inc.; and Roger Schell of Gemini Computers, Inc., for their
thorough review and critique of the initial drafts of this paper. Their comments
helped significantly in providing better focus and presentation of the material.
The authors, however, remain responsible for the accuracy and appropriateness
of this final version.