摘要 |
Secret information can sometimes be illicitly scavenged from host-readable and -writable memories in a terminal or other device arranged to access a computer. Access-mediating security kernel software attempts to clear such memories upon particular occasions such as, e.g., an attempt by a user to switch from accessing a more highly-secret process to accessing a less highly-secret process. A group of useful "black box" testing operations permits the security kernel to obtain certain empirical information about the characteristics of the terminal. The sending of a predetermined number of NUL characters serves as a timer both for the security kernel and for the terminal during some of the "black box" operations. In addition, specially designed terminal-control software may cooperate with the security kernel to support particular terminal functions such as a secure-reset routine responsive to a secure-reset command sent by the host. <IMAGE> |