References

1

ATKINSON, R. J., MCDONALD, D. L., PHAN, B. G., METZ, C. W., AND CHIN, K. C. Implementation of ipv6 in 4.4 bsd. In Proceedings of the 1996 USENIX Technical Conference (January 1996), USENIX, pp. 113--125.

2

BISHOP, M., AND DILGER, M. Checking for race conditions in file accesses. Computing Systems 9, 2 (Spring 1996), 131--152.

3

BLAZE, M., FEIGENBAUM, J., AND LACY, J. Decentralized Trust Management. In IEEE Conference on Security and Privacy (May 1996), IEEE.

4

BLUM, M., AND KANNAN, S. Designing programs that check their work. JACM 42, 1 (January 1995), 269--291.

5

CLARK, P. C. BITS: A Smartcard Protected Operating System. PhD thesis, George Washington University, 1994.

6

DOD. Trusted computer system evaluation criteria. Tech. Rep. DOD 5200.28-STD, Department of Defense, December 1985.

7

ELISCHER, J. 386 boot. /sys/i386/boot/biosboot/README.386, July 1996. 2.1.5 FreeBSD.

8

ENGLER, D. R., KAASHOEK, M. F., AND JR., J. W. O. The operating system kernel as a secure programmable machine. In Proceedings of the Sixth SIGOPS European Workshop (September 1994), pp. 62--67.

9

G. DAVIDA, Y. D., AND MATT, B. Defending systems against viruses through cryptographic authentication. In 1989 IEEE Symposium on Security and Privacy (1989), IEEE, pp. 312--318.

10

GRIMES, R. At386 protected mode bootstrap loader. /sys/i386/boot/biosboot/README.MACH, October 1993. 2.1.5 FreeBSD.

11

HÄRTIG, H., KOWALSKI, O., AND KÜHNHAUSER, W. The Birlix security architecture. Journal of Computer Security 2, 1 (1993), 5--21.

12

LAMPSON, B., ABADI, M., AND BURROWS, M. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems v10 (November 1992), 265--310.

13

M. BRANSTAD, H. TAJALLI, F. M., AND DALVA, D. Access mediation in a message-passing kernel. In IEEE Conference on Security and Privacy (1989), pp. 66--71.

14

MAUGHAN, D., SCHERTLER, M., SCHNEIDER, M., AND TURNER, J. Internet security association and key management protocol (isakmp). Internet--draft, IPSEC Working Group, June 1996.

15

MICROSOFT. Authenticode techonology. Microsoft's Developer Network Library, October 1996.

16

MICROSOFT. Overview of fat, hpfs, and ntfs file systems. Knowledge Base Article Q100108, Microsoft, October 1996.

17

PHOENIX TECHNOLOGIES, L. System BIOS for IBM PCs, Compatiables, and EISA Computers, 2nd ed. Addison Wesley, 1991.

18

POZZO, M. M., AND GRAY, T. E. A model for the containment of computer viruses. In 1989 IEEE Symposium on Security and Privacy (1989), IEEE, pp. 312--318.

19

RSA DATA SECURITY, I. Bsafe 3.0 benchmarks. RSA Data Security Engineering Report, 1996. http://www.rsa.com/rsa/developers/bench.htm.

20

SCHROEDER, M. Engineering a security kernel for multics. In Fifth Symposium on Operating Systems Principles (November 1975), pp. 125--132.

21

TYGAR, J., AND YEE, B. Dyad: A system for using physically secure coprocessors. Technical Report CMU--CS--91--140R, Carnegie Mellon University, May 1991.

22

VERISIGN, I. Verisign certification practice statement. Tech. Rep. Version 1.1, Verisign, Inc., Mountain View, CA., August 1996.

23

YEE, B. Using Secure Coprocessors. PhD thesis, Carnegie Mellon University, 1994.