Securing a personal computer

Posted on: 1995-12-28
Degree: M.Eng
Type: Thesis
University: Royal Military College of Canada (Canada)
Candidate: Gill, Gareth William
Full Text: PDF
GTID: 2478390014492024
Subject: Computer Science
Abstract/Summary:
One of the core issues in the development of secure computer systems is the control of access to information. A subject, which is either a user or a process acting on behalf of a user, requests access to an object, which is a file or system resource. If the subject has the appropriate access rights, access to the object is granted. If it does not, access is denied. This is exactly what occurs in the military security policy, where access rights are defined by position in the linearly ordered set of security clearances for users and security classifications for information.

A great deal of work has been done over the last two decades to develop a successful computer implementation of the military security policy. This is the multilevel security (MLS) problem. The first and most recognized model of an MLS system is the Bell and La Padula model which gives two rules against which the system must check each request for access to information. The mechanism for doing this checking is known as a reference monitor, and it forms part of the overall verified and trusted portion of the computer, the security kernel.

Some projects have used varying amounts of hardware to implement their security kernels, but all have used large amounts of software. Software kernels display a number of problems; namely, the performance of the system is degraded, incompatibilities are created with existing software, and the entire kernel must be reverified every time a software upgrade is made. Thus there are significant gains to be made in the development of a purely hardware security kernel.

This thesis proposes a conceptual security system for a single user, multitasking personal computer. The security system includes a login authentication mechanism, a reference monitor, and encryption mechanisms for the data in secondary as well as primary memory. Because the proposed reference monitor was conceived through the search for a hardware security kernel, it should be reliant on relatively small amounts of trusted code, and should be largely host independent.
Keywords/Search Tags:Computer, Security, Access, System