Overview of a high assurance architecture for distributed multilevel security

Proceedings fron the Fifth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC

Volumn , Issue , 2004, Pages 38-45

  Irvine, Cynthia E ^a   Levin, Timothy E ^a   Nguyen, Thuy D ^a   Shifflett, David ^a   Khosalim, Jean ^a   Clark, Paul C ^a   Wong, Albert ^a   Afinidad, Francis ^a   Bibighaus, David ^a   Sears, Joseph ^a  

^a NAVAL POSTGRADUATE SCHOOL   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTEGRATED SECURITY STRUCTURE; NETWORK SECURITY; SECURITY POLICIES; SECURITY SERVICES;

CLIENT SERVER COMPUTER SYSTEMS; COMPUTER ARCHITECTURE; COMPUTER OPERATING SYSTEMS; COMPUTER SYSTEMS; DATA REDUCTION; INTERFACES (COMPUTER); PERSONAL COMPUTERS;

SECURITY OF DATA;

EID: 20144389120     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (47)

1. C. E. Irvine and T. E. Levin, "Quality of Security Service," in Proceedings of the New Security Paradigms Workshop, (Balley-cotten, Ireland), pp. 91-99, ACM Press, September 2000.
2. D. E. Bell and L. LaPadula, "Secure Computer System: Unified Exposition and Multics Interpretation," Tech. Rep. ESD-TR-75-306, MITRE Corp., Hanscom AFB, MA, 1975.
3. K. J. Biba, "Integrity Considerations for Secure Computer Systems," Tech. Rep. ESD-TR-76-372, MITRE Corp., 1977.
4. Department of Defense Trusted Computer System Evaluation Criteria. No. DoD 5200.28-STD, National Computer Security Center, December 1985.
5. ISO/IEC 15408 - Common Criteria for Information Technology Security Evaluation. No. CCIB-99-031, International Organization for Standardisation, version 2.0 ed., August 1999.
6. National Computer Security Center, Final Evaluation Report of HFSI XTS-200, CSC-EPL-92/003 C-Evaluation No. 21-92, 27 May 1992.
7. R. Mohan, T. E. Levin, and C. E. Irvine, "An Editor for Adpative XML-Based Policy Management of IPsec," in Proceedings of the 19th Computer Security Applications Conference, (Las Vegas, NV), pp. 276-285, IEEE Computer Society, December 2003.
8. C. E. Irvine, T. Acheson, and M. F. Thompson, "Building Trust into a Multilevel File System," in Proceedings 13th National Computer Security Conference, (Washington, DC), pp. 450-459, October 1990.
9. B. Eads, "Developing a High Assurance Multilevel Mail Server," Master's thesis, Naval Postgraduate School, Monterey, CA, March 1999.
10. E. Bersack, "Implementation of a HTTP (Web) Server on a High Assurance Multilevel Secure Platform," Master's thesis, Naval Postgraduate School, Monterey, CA, December 2000.
11. T. Everette, "Enhancement of Internet Message Access Protocol for User-Friendly Multilevel Mail Management," Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
12. R. Sandberg, D. Goldberg, S. Kleiman, D. Walsh, and B. Lyon, "The Design and Implementation of the Sun Network File System," in Proceedings of the USENIX Conference, (Portland, OR), pp. 119-130, 1985.
13. C. E. Irvine, T. E. Levin, T. D. Nguyen, and G. W. Dinolt, "The Trusted Computing Exemplar Project," in Proceedings of the Workshop on Information Assurance and Security (to appear), (West Point, NY), June 2004.
14. M. Blaze, J. Feigenbaum, and A. D. Keromytis, "KeyNote: Trust Management for Public-Key Infrastructures," in Proceedings of the 1998 Security Protocols International Workshop, (Cambridge, England), pp. 59-63, Springer LNCS vol. 1550, April 1998.
15. C. E. Irvine, T. Levin, J. D. Wilson, D. Shifflett, and B. Pereira, "An Approach to Security Requirements Engineering for a High Assurance System," Requirements Engineering, vol. 7, no. 4, pp. 192-208, 2002.
16. S. Balmer, "Framework for a High-Assurance Security Extension to Commercial Network Clients," Master's thesis, Naval Postgraduate School, Monterey, CA, September 1999.
17. S. Bartram, "Supporting a Trusted Path for the Linux Operating System," Master's thesis, Naval Postgraduate School, Monterey, CA, June 2000.
18. E. Brown, "SMTP on a High Assurance Multilevel Server," Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
19. S. Bryer-Joyner and S. Heller, "Secure Local Area Network Services for a High-Assurance Multilevel Network," Master's thesis, Naval Postgraduate School, Monterey, CA, March 1999.
20. P. C. Clark, "Supporting Mandatory Access Control in an Educational Environment," in Proceeding of the 23rd National Information Systems Security Conference, (Arlington, VA), pp. 418-429, October 2000.
21. J. Hackerson, "Design of a Trusted Computing Base Extension for Commercial Off-The-Shelf Workstations (TCBE)," Master's thesis, Naval Postgraduate School, Monterey, CA, September 1997.
22. C. E. Irvine, J. P. Anderson, D. Robb, and J. Hackerson, "High Assurance Multilevel Services for Off-The-Shelf Workstation Applications," in Proceedings of the 20th National Information Systems Security Conference, (Crystal City, VA), pp. 421-431, October 1998.
23. R. K. Rossetti, "A Mail File Administration Tool for a Multilevel High Assurance LAN," Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
24. J. Wilson, "Trusted Networking in a Multilevel Secure Environment," Master's thesis, Naval Postgraduate School, Monterey, CA, June 2000.
25. T. Hinke, "The Trusted Approach to Multilevel Security," in Proceedings of the Computer Security Applications Conference, pp. 335-341, December 1990.
26. J. Rushby and B. Randell, "A Distributed Secure System," in Computer, pp. 55-67, May 1983.
27. T. Borden, J. Hennessy, and J. Rymarczyk, "Multiple Operating Systems On One Processor Complex," IBM Systems Journal, vol. 28, no. 1, pp. 104-123, 1989.
28. P. A. Karger, M. E. Zurko, D. W. Bonin, A. H. Mason, and C. E. Kahn, "A VMM Security Kernel for the VAX Architecture," in Proceedings of the IEEE Symposium on Research on Security and Privacy, pp. 2-19, IEEE Computer Society Press.
29. S. R. Balmer and C. E. Irvine, "Analysis of Terminal Server Architectures for Thin Clients in a High Assurance Network," in Proceedings of the National Information Systems Security Conference, (Baltimore, MD), pp. 192-202, October 2000.
30. R. Goldberg, Architectural Principles for Virtual Computer Systems. Ph.D. thesis, Harvard University, Cambridge, MA, 1972.
31. J. S. Robin and C. E. Irvine, "Analyzing the Intel Pentium's Capability to Support a Secure Virtual Machine Monitor," in Proceedings of the 9th USENIX Security Symposium, (Denver, CO), August 2000.
32. D. E. Denning, T. F. Lunt, R. R. Schell, W. Shockley, and M. Heckman, "Security Policy and Interpretation for a Class Al Multilevel Secure Relational Database System," in Proceedings 1988 IEEE Symposium on Security and Privacy, (Oakland, CA), IEEE Computer Society Press, April 1988.
33. T. F. Lunt, R. R. Schell, W. Shockley, M. Heckman, and D. Warren, "A Near-Term Design for the SeaView Multilevel Database System," in Proceedings 1988 IEEE Symposium on Security and Privacy, (Oakland), pp. 234-244, IEEE Computer Society Press, 1988.
34. B. Pomeroy and S. Weisman, "Private Desktops and Shared Store," in Proceedings of the 14th Computer Security Applications Conference, (Phoenix, AZ), pp. 190-200, IEEE Computer Society, December 1998.
35. J. Froscher, M. Kang, J. Mcdermott, O. Costich, and C. E. Landwehr, "A Practical Approach to High Assurance Multilevel Secure Computing Service," in Proceedings 10th Computer Security Applications Conference, (Orlando, FL), pp. 2-11, December 1994.
36. M. H. Kang, J. N. Froscher, and B. J. Eppinger, "Towards and Infrastructure for MLS Distributed Computing," in Proceedings of the Fourteenth Annual Computer Security Applications Conference, (Phoenix, AZ), pp. 91-100, IEEE Computer Society Press, December 1998.
37. M. H. Kang and I. Moskowitz, "Design and Assurance Strategy for the NRL Pump," IEEE Computer, vol. 31, pp. 56-64, April 1998.
38. M. Anderson, C. North, J. Griffin, R. Milner, J. Yesberg, and K. Yiu, "Starlight: Interactive Link,"
39. J. Epstein, G. Grossman, and R. Schell, "Component Architectures for Trusted Netware," in Proceedings of the 18th National Information Systems Security Conference, vol. 2, (Baltimore, MD), pp. 455-463, October 1995.
40. A. Ott, "The Rule Sett Based Access Control (RSBAC) Linux Kernel Security Extension," in 8th International Linux Kongress, (Enschede, Netherlands), Linux-Kongress, November 2001.
41. P. Loscocco and S. Smalley. http://www.nsa.gov/selinux/slinuxabs.html, October 2000.
42. S. Smalley and T. Fraser, "A Security Policy Configuration for Security-Enhanced Linux," tech. rep., NAI Labs, January 2001.
43. C. Sanders, "Information Support to Multinational Operations," The Edge, vol. 5, July 2001.
44. Microsoft, "Windows 2000 Evaluated Configuration Administrator's Guide, Version 1.0," tech. rep., Microsoft Corporation, Redmond, WA, 2002.
45. Sun Microsystems, Palo Alto, CA, Trusted Solaris Security Features Users Guide, 1994.
46. Wang Government Services, Inc., McLean, VA, XTS-300 User's Manual, Document ID: FS92-373-07, March 1998.
47. R. Sharpe, "Just What is SMB?," http://samba.anu.edu.au/cifs/ docs/what-is-smb.html, October 2002.