V10/history/ix/src/doc/secunix/title

.TL
The IX Multilevel-Secure UNIX System
.AU
J. A. Reeds
.AU
M. D. McIlroy
.AB
.AE
.PP
A collection of papers about the IX system, a simple but
comprehensive multilevel-secure operating system with
mandatory access control, based on the research v10
.UX
system.
.PP
The IX security model centers on processes and
files or channels (not on ``subjects'' and ``objects'').
The system calculates security-classification
labels dynamically, so that outputs are classified
as highly as the inputs from which they were derived.
The label mechanism is 
.I mandatory ;
not even the superuser can subvert it.
.PP
A structured privilege mechanism allows system and security 
administrators to bend the rules in an orderly way for purposes 
such as maintenance or document declassification.
Privilege may be suballocated in parts of the label space
so that projects may administer their own security.
.PP
A private-channel mechanism guarantees freedom from eavesdropping
or spoofing for communications among trusted
processes and for special communications, such as password
dialogs, with external sources.
.PP
The papers in the collection are
.LP
.I
Multilevel Security in the
.UX
Tradition.
.R
An overview of the IX system and important utilities.
19 pages.
.LP
.I
The Design of IX.
.R
Detailed specification of the security behavior of the kernel.
32 pages.
.LP
.I
A Tour of IX.
.R
Some examples of the use of security labels and of
privilege in IX.
11 pages.
.LP
.I
Multilevel Windows on a Single-Level Terminal.
.R
The workings of
.I mux,
a windowed-terminal handler, when it is possible for
run differently classified sessions in different windows.
3 pages.
.LP
.I "Secure IX Network.
A discussion of the major security features of IX and how they
could be extended to a network of secure computers.
8 pages.
.LP
.B Appendix.
.LP
.I Glossary.
The jargon of IX that differs from that of 
.UX .
2 pages.
.LP
.I "Manual Pages.
Features peculiar to IX described in the classical
.UX
style.
50 pages.