1. Field of the Invention
The invention relates to the field of computer systems and more particularly to improved trusted operating systems.
2. Description of Related Art
In the early days of computers, commands were given to a processing element using the only language the processing element understood, namely machine language. Programmers soon appreciated the fact that certain types of procedures were repeated over and over again when using a digital computer. Some of these procedures included getting information from a keyboard, reading and writing information to memory, displaying information and the like. Since humans don't translate 1's and 0's very well and processing elements do not understand natural language, translators were developed for translating shorthand representations of some of these standardized routines into machine language. Assembly language statements were mnemonically related to the function invoked when the assembly language statement was translated into machine language. As programming languages developed, the command set for invoking these repetitive functions became more and more like the natural language of the user. Operating systems such as DOS and UNIX were developed which permitted a user or an application process to invoke the repetitive functions using commands that were somewhat recognizable to a human.
As multiple users began to utilize computer systems in cooperative endeavors, a need for security became apparent, to ensure that an unauthorized person did not adversely affect the data or programming work of others or the integrity of production programs.
Operating systems designed for small systems, such as DOS and Windows 95 (trademarks of Microsoft Corporation), have essentially no security features, apparently relying instead on the ability of a user to secure the computer on which the software runs. In order to provide security in an operating system, all access mechanisms need to be modified to prevent unauthorized access to information and programs. In the past, this was done by inserting special codes at various points throughout the software system.
The UNIX operating system provided security based only on ownership of the information. That is, the creator of the information "owned it" and therefore only he or she could authorize others to use that information.
The Problems
The distribution of security code throughout an operating system creates serious maintenance problems. With each revision of security policy, it becomes necessary to revise the source code and recompile it. This can be a slow and time-consuming process. Further, different governments, different agencies and different customers have different needs. Therefore, to accommodate these needs, an operating system would require multiple versions and releases to be maintained, one for each customer with different needs. The rapidity with which security policies change to face varying perceptions of threat means a constant and ongoing maintenance effort of substantial proportions to keep each version of the software current. Portability problems arise too, because special fixes incorporated into one version of the software will not necessarily work on different platforms.
Further, separate operating system code versions would be required for a trusted operating system and a non-trusted version of the same operating system even though the functionality not related to security features should be substantially identical.
The code version maintained for different customers might be quite different in different countries. Where the security features of an operating system are to be evaluated by an agency, the evaluators want to know (1) where is your policy, (2) how does it work and (3) how do we know it was done right. Having to hunt through 10 million lines of code to identify the security features is something for which agency evaluators would have little tolerance.
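The maintenance problem described above can be made concrete in code. The following is an added illustration, not code from the patent and not a description of the claimed invention: it contrasts a design in which each access mechanism embeds its own copy of the security rule (so every policy change means editing and recompiling every access point) with a design in which every access mechanism defers to a single policy decision point, so the policy can be replaced without touching the callers and every decision is recorded in one place. All names, the sample resource and the two sample policies are constructed for this example.

```python
"""Scattered access checks versus a single policy decision point (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


# ---- Design 1: the security rule is copied into every access mechanism ----
# The rule "only the owner may access" is hard-coded in each subsystem. Adding
# group access, or any other policy change, means finding and editing every copy.

def scattered_read_file(user: str, owner: str, data: str) -> str:
    if user != owner:                       # policy decided here ...
        raise PermissionError("read denied")
    return data


def scattered_write_memory(user: str, owner: str, store: dict, key: str, value: str) -> None:
    if user != owner:                       # ... and again here, independently
        raise PermissionError("write denied")
    store[key] = value


# ---- Design 2: every access mechanism asks one reference monitor ----

@dataclass
class Resource:
    name: str
    owner: str
    groups: Set[str] = field(default_factory=set)   # groups allowed to read


# A policy is a pure function (subject, action, resource) -> allowed?
Policy = Callable[[str, str, Resource], bool]


class ReferenceMonitor:
    """Single choke point: callers never decide access themselves."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit: List[Tuple[str, str, str, bool]] = []   # one audit trail, not one per subsystem

    def check(self, subject: str, action: str, res: Resource) -> None:
        allowed = self.policy(subject, action, res)
        self.audit.append((subject, action, res.name, allowed))
        if not allowed:
            raise PermissionError(f"{action} on {res.name} denied for {subject}")


def mediated_read_file(monitor: ReferenceMonitor, user: str, res: Resource, data: str) -> str:
    monitor.check(user, "read", res)        # no policy knowledge in the caller
    return data


def mediated_write_memory(monitor: ReferenceMonitor, user: str, res: Resource,
                          store: dict, key: str, value: str) -> None:
    monitor.check(user, "write", res)
    store[key] = value


# Two interchangeable policies. Switching between them changes no caller.

def owner_only_policy(subject: str, action: str, res: Resource) -> bool:
    return subject == res.owner


def make_group_policy(membership: Dict[str, Set[str]]) -> Policy:
    """Owner may do anything; members of a resource's groups may read only."""
    def policy(subject: str, action: str, res: Resource) -> bool:
        if subject == res.owner:
            return True
        return action == "read" and bool(membership.get(subject, set()) & res.groups)
    return policy


def run_scenario(policy: Policy) -> Dict[str, bool]:
    """Run a fixed set of accesses through a monitor using `policy`; report which succeeded."""
    monitor = ReferenceMonitor(policy)
    doc = Resource("report.txt", owner="alice", groups={"staff"})   # constructed sample resource
    store: dict = {}
    attempts = [
        ("alice_read", lambda: mediated_read_file(monitor, "alice", doc, "contents")),
        ("bob_read", lambda: mediated_read_file(monitor, "bob", doc, "contents")),
        ("bob_write", lambda: mediated_write_memory(monitor, "bob", doc, store, "k", "v")),
    ]
    outcomes: Dict[str, bool] = {}
    for label, attempt in attempts:
        try:
            attempt()
            outcomes[label] = True
        except PermissionError:
            outcomes[label] = False
    assert len(monitor.audit) == len(attempts)   # every decision was recorded centrally
    return outcomes


if __name__ == "__main__":
    print("owner-only:", run_scenario(owner_only_policy))
    print("owner+group:", run_scenario(make_group_policy({"bob": {"staff"}})))
```

With the owner-only policy, bob is refused both the read and the write; replacing the policy with the group policy grants bob the read while still refusing the write, and neither `mediated_read_file` nor `mediated_write_memory` was edited. In the scattered design the same change would require locating every embedded `if user != owner` test, which is the evaluator's "where is your policy" question in miniature.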