Minimal kernels and security

The purpose of this document is to investigate which facilities are required in a minimal kernel to provide an environment where users can be assured that certain levels of security will be enforced. Various features are discussed with reference to three minimal kernels.Chorus, VAX VMM and Alpha, are investigated and their main features described. The ability of these kernels to provide the desired environment is discussed and their shortcomings exposed. Further issues and options are then discussed to determine what other features may be incorporated to improve the level of security available to the user and more questions are raised. Finally an attempt is made to define those elements which are necessary in a kernel to enforce the level of security requested by a user, but which do not impose extra costs on other users who do not require the same degree of protection.