Wolthusen, S.S.Wolthusen2022-03-092022-03-092001https://publica.fraunhofer.de/handle/publica/337717This paper discusses the enhancement of security in general purpose operating systems, especially related to threats caused by internetworking, using extensions to operating systems. Such mechanisms have a significantly larger basis for reaching security policy decisions than older host-level security mechanisms and firewalls. By layering defensive mechanisms yet enforcing a consistent security policy across the security layers, goals such as workload distribution, vulnerability compartmentalization, and hierarchical refinement of security policies can be achieved.ensecurity policyoperating system extensionfirewallingaccess controlauditing006conference paper