A component-based policy-neutral architecture for kernel-level access control

Protection should fundamentally be flexible for devices roaming in Beyond 3G networks. In this federation of heterogeneous access networks, each sub-network comes with its own security requirements, policies, and protocols. Foundational element of device security, the embedded OS itself, should become adaptable to make it possible to tune its protection mechanisms to the current security context, notably to support multiple authorization policies. We show how flexibility can be applied to the kernel authorization architecture by adopting a component-based OS design, the component serving as single abstraction for reconfiguration and security. We present a policy-neutral access control architecture called CRACKER (Component-based Reconfigurable Access Control for KERnels) for component-based operating systems. CRACKER supports a wide range of authorization policies, and permits policy reconfiguration, in the same or in different security models. Specified in the Fractal component model, and implemented in the Think OS, CRACKER illustrates how flexible kernel authorization can be realized while maintaining acceptable system performance.