"JeZuZ" <tural31415@hotmail.com> wrote in message
news:1127310369.749812@seven.kulnet.kuleuven.ac.be ...
> How do you decide whether to include a mechanism in a security kernel or
> not? Policy? Is it based on trade-offs or kernel design, ...? Anyone
> who has a good reference for this?
>
> So far I read some things about security kernels in general, but not about
> how to decide what to include and what not.
>
> Thanks in advance,
> Jan

A security kernel should include ONLY the elements that provide the base
required to implement the security for your system. One example is the
virtualization of your physical memory, especially if this will be used in
enforcement. Another is the fundamental access mechanism
for your external storage and communication elements, e.g., disk, tape,
network, and terminal.
If memory and communications can be protected from snooping, and
cryptography and any non-essential functions can be modularized and kept out
of the security kernel.
In general, keep everything possible OUT OF the security kernel.
See for example the University of Utah work.
Ed