TOS Library


This collection of references is an attempt to identify the many contributions made to the field of trusted operating systems. If you know of any references that should be added, or if you would like to provide a brief summary of these references, please contact the Trusted OS web site administrator.

Table Of Contents
  • 1. Major Historical Documents Relating to Trusted Operating Systems
  • 2. Labeling and Mandatory Access Control
  • 3. Integrity Labels
  • 4. Information Labels and Floating
  • 5. Privileges and Authorizations
  • 6. Security Kernels, Reference Monitors, Assurance
  • 7. Miscellaneous Topics


    1. Major Historical Documents Relating to Trusted Operating Systems

    D. Bell and L. LaPadula.     Secure Computer Systems: Mathematical Foundations. ESD-TR-73-278, Vol. I. Mitre Corporation, 1973.(PDF format)
    --This is the first volume in the original Mitre document series on the BLP model. The same comments apply to this volume as its related ones.

    National Computer Security Center. Department of Defencse Trusted Computer Security Evaluation Criteria, DoD 5200.28-STD.
    The TCSEC (Orange Book) is required reading for every computer security researcher or practitioner. It has guided the design and development of a large family of secure systems during the past decade and it continues to influence security research and development. The NCSC also publishes a collection of companion columes that are guides to understanding the various issues introduced in the Orange Book. These volumes are available from the NCSC and are referenced below.

    2. Labeling and Mandatory Access Control

    C. Flink and J. Weiss. System V/MLS: Mandatory Policy and Labeling Alternatives, AT&T Technical Journal, Vol. 67, No. 3. 1988.
    Chuck Flink and Jon Weiss introduce the security features of the UNIX System V/MLS. This system has been evaluated at the Orange Book B1 class and is in wide use across many government and commercial environments. The paper provides a detailed description of the labeling trade-offs that were considered during the UNIX System V/MLS design and development process. It is also an interesting case study in retrofitting security into an existing commercial system.

    National Computer Security Center. Department of Defencse Trusted Computer Security Evaluation Criteria, DoD 5200.28-STD.
    The TCSEC (Orange Book) is required reading for every computer security researcher or practitioner. It has guided the design and development of a large family of secure systems during the past decade and it continues to influence security research and development. The NCSC also publishes a collection of companion columes that are guides to understanding the various issues introduced in the Orange Book. These volumes are available from the NCSC and are referenced below.

    3. Integrity Labels

    4. Information Labels and Floating

    D. McIlroy and J. Reeds [1988]. Multilevel Security with Fewer Fetters, Proceedings of the European UNIX Users Group Conference, London, G.B.
    Doug McIlroy and Jim Reeds describe a secure UNIX implementation that attempts to impose minimal restrictions on users and maintain the original spirit of UNIX to the greatest degree possible. Floating labels are included in the implementation.

    5. Privileges and Authorizations

    6. Security Kernels, Reference Monitors, Assurance

    7. Miscellaneous Topics

    Amoroso, Edward. Fundamentals of Computer Technology. New Jersey:     Prentice Hall PTR, 1994.

    Pfleeger, Charles P. Security in Computing. 2nd ed. New Jersey: Prentice Hall PTR.

    		•