Operating systems are typically computer programs or sets of computer programs that are loaded into a computer's memory and executed in order to control the subsequent operation of the computer. However, operating systems can also be embedded programs in firmware or hardware, for example in portable devices such as mobile telephones and PDAs.
Most traditional computer operating systems offer some kind of logical protection to data in the form of access controls, which can be granted or denied to specific people or groups of people. Generally, in a system that offers discretionary access control (DAC), a user (as opposed to an administrator) is able to assign permissions to their data, which permit or deny others (or groups of others) access to the data. This is fine for individuals. However, some organisations, such as military or government organisations in particular, require the ability to control access to information more closely. For example, top secret information should not be visible to most people in an organisation; restricted information, as the label suggests, should not be generally available; whereas unrestricted information may be available for access by anyone in an organisation.
Accordingly, secure operating systems are known, which provide greater access control over an organisation's information. Typically, secure operating systems associate additional classifications or labels with files and apply so-called mandatory access control (MAC), which provides a means of restricting access to the files based on their sensitivity (for example, as represented by a sensitivity label). In contrast to DAC, under MAC a user does not have the right to determine who sees their data: only users having a compatible clearance are permitted to see the data. For example, a user with top secret clearance would not have the ability to permit others with a lesser clearance to see their data.
MAC can be expressed in terms of “compartments”. In practice, a compartment is typically a logical construct having an identifier such as a name, applied to which are a set of administrator-configured access control rules that define the compartment. Compartment rules are used to permit access only to those resources (such as files, processes and inter-process communication methods) necessary for an application to execute. These rules apply both to users and processes that have permission to operate in the compartment, and, accordingly, unless otherwise stated or unless the context dictates otherwise, such users and processes will be referred to herein generally as “entities”.
Thus, entities operating within a compartment can only access files, other processes and resources that are defined to be accessible in the same compartment, unless specific rules are provided to the contrary.
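As an added illustration, not part of the original text, the following model captures the compartment rules just described: default deny across compartments, administrator-configured rules as the only exception, and a sensitivity label that a data owner cannot override. The entities, resources, label ordering and the admin-only rule definition are constructed assumptions, not a description of any particular product.

```python
from dataclasses import dataclass
# Sensitivity labels ordered least to most sensitive (constructed example).
LEVELS = {"unrestricted": 0, "restricted": 1, "top_secret": 2}

@dataclass(frozen=True)
class Entity:  # a user or process permitted to operate in a compartment
    name: str
    compartment: str
    clearance: str
    is_admin: bool = False
@dataclass(frozen=True)
class Resource:  # a file, process or IPC endpoint carrying a compartment and a label
    name: str
    compartment: str
    label: str
class CompartmentPolicy:
    # Default deny: compatible label AND same compartment, unless an admin rule permits the op.
    def __init__(self):
        self._rules = set()  # (entity_compartment, resource_compartment, op)

    def add_rule(self, actor, src_comp, dst_comp, op):
        # Under MAC only an administrator defines rules; data owners cannot grant access.
        if not actor.is_admin:
            return False
        self._rules.add((src_comp, dst_comp, op))
        return True

    def allowed(self, entity, resource, op):
        if LEVELS[entity.clearance] < LEVELS[resource.label]:
            return False  # clearance not compatible with the sensitivity label
        if entity.compartment == resource.compartment:
            return True
        return (entity.compartment, resource.compartment, op) in self._rules
def demo():
    admin = Entity("sysadmin", "admin", "top_secret", is_admin=True)
    alice = Entity("alice", "payroll", "top_secret")
    bob = Entity("bob", "web", "restricted")
    ledger = Resource("ledger.db", "payroll", "top_secret")
    log = Resource("access.log", "web", "restricted")
    policy = CompartmentPolicy()
    out = {"alice_own": policy.allowed(alice, ledger, "read"),
           "bob_ledger": policy.allowed(bob, ledger, "read"),
           "alice_log_before": policy.allowed(alice, log, "read"),
           "alice_grant": policy.add_rule(alice, "web", "payroll", "read")}  # owner cannot share
    policy.add_rule(admin, "payroll", "web", "read")   # admin permits payroll -> web reads
    out["alice_log_after"] = policy.allowed(alice, log, "read")
    policy.add_rule(admin, "web", "payroll", "read")   # rule exists, yet label still denies bob
    out["bob_ledger_rule"] = policy.allowed(bob, ledger, "read")
    return out
```

Calling `demo()` shows that alice's attempt to define a rule for her own data fails, while the administrator's rule does open cross-compartment access, and that a compartment rule never overrides an incompatible sensitivity label.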
Secure operating systems typically have the additional access controls built into the core or kernel of the operating system so that it is difficult to compromise the security. Known secure operating systems are SELinux™, Trusted Solaris™ and HP UX Compartments™, and aspects and embodiments of the present invention can be applied to these operating systems, although the principles taught are more widely applicable.
In some secure operating systems, MAC is implemented using traditional object attributes such as read, write and execute privileges. A benefit of this approach is simplicity, since the attributes are available for use or adaptation in known operating systems and can be applied in certain ways to enforce MAC policies, thereby upgrading a standard operating system into a more secure operating system. However, in other respects, the use of these standard attributes can lead to certain disadvantages, and it is an object of embodiments of the invention to at least mitigate one or more of the problems of the prior art.