【 摘 要 】

One of the key aspects of securing a system is to ensure separation and containment between different concerns. This could be between processes and communications within a single machine; through to different applications and network segments in an enterprise to customers in a shared data centre. Containment is generally achieved through a variety of often complex mechanisms making it hard to configure and even harder to assure users that the desired containment relationships are maintained. In this paper we present an approach to assuring users about containment of systems by developing an abstract containment model suitable for many situations. This model then has detail added, through a series of refinements, to become closer to the implementing technologies. We present a refinement for compartments recently added to HPUX. We then show how we can provide assurance reports to users demonstrating that the containment properties in the model are being achieved. 10 Pages

【 预 览 】

附件列表

Files	Size	Format	View
RO201804100002079LZ	139KB	PDF	download