179 Bibliography [1] Solaris Trusted Extensions Developer’s Guide. http:docs.sun.comappdocsdoc819-7312 , 2008. [2] M. Abadi, E. Wobber, M. Burrows, and B. Lampson. Authentication in the Taos Operating System. In Proceedings of the 14th ACM Symposium on Operating System Principles, pp. 256–269, Asheville, NC, 1993. DOI: 10.1145168619.168640 [3] A. Acharya and M. Raje. MAPbox: Using parameterized behavior classes to confine untrusted applications. In Proceedings of the 9th USENIX Security Symposium, August 2000. [4] W. B. Ackerman and W. W. Plummer. An implementation of a multiprocessing computer system. In Proceedings of the First ACM Symposium on Operating Systems Principles, 1967. DOI: 10.1145800001.811666 [5] Aesec corporation, 2008. http:www.aesec.com . [6] A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environment for internet computations. In Proceedings of the 1999 USENIX Annual Technical Conference, 1999. [7] J. Alves-Foss, W. S. Harrison, P. Oman, and C. Taylor. The MILS architecture for high assurance embedded systems. International Journal of Embedded Systems, 2007. In press. DOI: 10.1504IJES.2006.014859 [8] AMD IO Virtualization Technology IOMMU Specification. Technical Report 34434, Advanced Micro Devices, Inc. http:www.amd.comus-enassetscontent_typewhite_papers_and_tech_docs 34434.pdf , February 2007. [9] B. Ames. Real-time software goes modular. Military Aerospace Electronics, 149, 2003. [10] S. A. Ames, M. Gasser, and R. R. Schell. Security Kernel Design and Implementation: An Introduction. IEEE Computer, 167:14–22, 1983. DOI: 10.1109MC.1983.1654439 [11] J. P. Anderson. Computer security technology planning study. Technical Report ESD-TR- 73-51, The MITRE Corporation, Air Force Electronic Systems Division, Hanscom AFB, Badford, MA, 1972. [12] M. Anderson, R. D. Pose, and C. S. Wallace. A password capability system. The Computer Journal, 291:1–8, February 1986. DOI: 10.1093comjnl29.1.1 180 BIBLIOGRAPHY [13] Security starts with your operating system. http:www.argus-systems.comhome3.shtml , 2008. [14] Evaluation of IBM PRSM zSeries990890. atsec News Release at http:www.atsec.com01news-article-63.html , 2005. [15] L. Badger, D. F. Sterne, D. L. Sherman, K. M.Walker, and S. A. Haghighat. A domain and type enforcement UNIX prototype. In Proceedings of the 5th USENIX Security Symposium, 1995. DOI: 10.1109SECPRI.1995.398923 [16] L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat. Practical Domain and Type Enforcement for UNIX. In SP ’95: Proceedings of the 1995 IEEE Sym- posium on Security and Privacy, p. 66, IEEE Computer Society, Washington, DC, 1995. DOI: 10.1109SECPRI.1995.398923 [17] A. Baliga, P. Kamat, and L. Iftode. Lurking in the Shadows: Identifying systemic threats to kernel data. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 246–251, May 2007. DOI: 10.1109SP.2007.25 [18] T. Ball and S. Rajamani. The SLAM toolkit: Debugging system software via static analysis. In Proceedings of the ACM Conference on Principles of Programming Languages, January 2002. [19] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the Symposium on Operating Systems Principles SOSP, October 2003. DOI: 10.1145945445.945462 [20] Bastille Linux. http:www.bastille-linux.org . [21] DigitalNet - Solutions - Information Assurance. http:www.digitalnet.comsolutionsinformation_assurance xts300sol_ste.htm\hadg , 2008. [22] XTS-400 Trusted Computer System, from BEA Systems. http:www.baesystems.comProductsServicesbae_prod_csit_xts400.html , 2008. [23] D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, Deputy for Command and Management Systems, HQ Electronic Systems Division AFSC, L. G. Hanscom Field, Bedford, MA, March 1976. Also, MITRE Technical Report MTR-2997. [24] M. Bellis. Inventors of the modern computer. http:inventors.about.comlibraryweeklyaa033099.htm .