V10/history/ix/src/doc/secunix/nsumma0

.fp 5 CW HL
.	\"NH - numbered heading
.de NH
.nr NS \\$1
.if !\\n(.$ .nr NS 1
.if !\\n(NS .nr NS 1
.nr H\\n(NS +1
.if !\\n(NS-4 .nr H5 0
.if !\\n(NS-3 .nr H4 0
.if !\\n(NS-2 .nr H3 0
.if !\\n(NS-1 .nr H2 0
.if !\\$1 .if \\n(.$ .nr H1 1
.ds SN \\n(H1.
.if \\n(NS-1 .as SN \\n(H2.
.if \\n(NS-2 .as SN \\n(H3.
.if \\n(NS-3 .as SN \\n(H4.
.if \\n(NS-4 .as SN \\n(H5.
.SH \\$1
\\*(SN  \\c
..
.EQ
delim off
.EN
.	\" cross-ref initialize
.de XI
.ds XR \\$1
.sy >>\\$1
.so \\$1
.sy >\\$1
..
.de xx
.ds y\\$1 [y\\$1]
.ds z\\$1 [z\\$1]
..
.xx 0
.xx 1
.xx 2
.xx 3
.xx 4
.xx 5
.xx 6
.xx 7
.xx 8
.xx 9
.xx a
.xx b
.xx c
.xx d
.xx e
.xx f
.xx g
.xx h
.xx i
.xx j
.xx k
.xx l
.xx m
.xx n
.xx o
.xx p
.xx q
.xx r
.xx s
.xx t
.xx u
.xx v
.xx w
.xx x
.xx y
.xx z
.xx A
.xx B
.xx C
.xx D
.xx E
.xx F
.xx G
.xx H
.xx I
.xx J
.xx K
.xx L
.xx M
.xx N
.xx O
.xx P
.xx Q
.xx R
.xx S
.xx T
.xx U
.xx V
.xx W
.xx X
.xx Y
.xx Z
.	\" label of section to be cross-referenced
.de XL
.	\"\(rh \\$1 \(lh	\" $
.ds SN \\n(H1
.if \\n(NS-1 .as SN .\\n(H2
.if \\n(NS-2 .as SN .\\n(H3
.if \\n(NS-3 .as SN .\\n(H4
.if \\n(NS-4 .as SN .\\n(H5
.if !"\\*(\\$1"\(sc\\*(SN" .tm \\$1 redefined
.sy echo .ds \\$1 '\\\\(sc\\*(SN' >>\\*(XR
..
.if "\*(.T"202" .fp 8 SC M2
.if "\*(.T"post" .fp 7 SC HB
.EQ
delim $$
define !<= % "\o'\(<=/'" %
define ->* % => %
define bottom % "\fS\N'94'\fP" %
define top % "\f(U6\N'193'\fP" %
define not % "\(no" %
define empty % "\(es" %
define or % "\e/" %
define and % "/\e" %
define error % bold "error" %
define true % bold "true" %
define false % bold "false" %
define ELAB % font CW "ELAB" %
define EPRIV % font CW "EPRIV" %
define EPERM % font CW "EPERM" %
define SIGLAB % font CW "SIGLAB" %
define SIGPIPE % font CW "SIGPIPE" %
define SIGSPY % font CW "SIGSPY" %
define member % "\(mo" %
define within % "\(sb" %
define meet % "\(ca" %
define join % "\(cu" %
define SCRIPTA %font SC A%
define LL %font SC L%
define LLstar %LL *%
define YES %bold yes%
define NO %bold no%
define Lnew %L sub { roman new } %
define Tsetpriv %T sub {roman setpriv}%
define Tsetlic %T sub {roman setlic}%
define Tnochk %T sub {roman nochk}%
define Textern %T sub {roman extern}%
define Tuarea %T sub {roman uarea}%
define Tlog %T sub {roman log}%
define Tvec % bold T %
define Tx %T sub x%
define Usetpriv %U sub {roman setpriv}%
define Usetlic %U sub {roman setlic}%
define Unochk %U sub {roman nochk}%
define Umount %U sub {roman mount}%
define Uuarea %U sub {roman uarea}%
define Uvec % bold U %
define Ux %U sub x%
define Vvec %bold V%
define CONST %bold const%
define FROZEN %bold frozen%
define RIGID %bold rigid%
define LOOSE %bold loose%
define PEXED %bold pexed%
define UNPEXED %bold unpexed%
define UNPEXING %bold unpexing%
define FIOPX %font CW "FIOPX"%
define FIONPX %font CW "FIONPX"%
define FIOQX %font CW "FIOQX"%
.EN
.hw super-user
.nr VN 22
.nr NU 8
.nr P< 0
.nr P> 0
.ds MO August
.ds DY 5 December 1991
.ds DR 15 May 1992
.TL "MULTILEVEL SECURITY" "M. D. McILROY AND J. A. REEDS"
Multilevel Security in the UNIX Tradition
.\"(DRAFT \n(mo/\n(dy/\n(yr)
.AU
M. D. McILROY AND J. A. REEDS
.AI
.MH
.AB
The original
.UX
system was designed to be small and intelligible,
achieving power by generality rather
than by a profusion of features.
In this spirit we have designed and implemented IX,
a multilevel-secure variant of the
Bell Labs research system.
IX aims at sound, practical security, suitable
for private- and public-sector uses
other than critical national-security applications.
The major security features are: private paths for
safe cooperation among
privileged processes, structured 
management of privilege, and security labels
to classify information for purposes of privacy and integrity.
The labels of files and processes are checked at every system
call that involves data flow and are adjusted
dynamically to assure that labels on outputs reflect labels
on inputs.
.AE
.OK "Computer security  Operating systems  Dynamic labels  Integrity  Privilege
.XI .summaref
.tr ~ 
|reference_database(summa.ref)
|reference_style(spe)