ABSTRACT
In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate the rescue of people trapped inside a burning building, firefighters may need its detailed floor plan - information that is not typically accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of "normal" domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies.
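The access rule the abstract describes, as an added illustrative model and not the paper's own code: normal partitions obey a mandatory read-down policy, while an emergency partition is readable only while an emergency is declared, only by subjects named in the declaration, and only from a session established through the trusted path. Class and method names, the level labels and the credential values are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field

# Hypothetical sensitivity ordering for the "normal" domains.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass
class TransientTrustKernel:
    """Toy separation-kernel policy (assumed names, not the paper's API)."""
    normal_partitions: dict          # partition -> level name
    emergency_partitions: set        # pre-positioned emergency domains
    subject_clearance: dict          # subject -> level name
    emergency_active: bool = False
    emergency_grants: set = field(default_factory=set)        # subjects
    trusted_path_sessions: set = field(default_factory=set)   # subjects

    def trusted_path_login(self, subject, credential, expected):
        # Stand-in for the trusted path service in its own partition:
        # only an authenticated subject may later enter an emergency domain.
        if hmac.compare_digest(credential, expected):
            self.trusted_path_sessions.add(subject)
            return True
        return False

    def declare_emergency(self, granted_subjects):
        self.emergency_active = True
        self.emergency_grants = set(granted_subjects)

    def end_emergency(self):
        # Revocation: grants and emergency sessions are cleared together,
        # so no subject keeps access once the emergency is over.
        self.emergency_active = False
        self.emergency_grants.clear()
        self.trusted_path_sessions.clear()

    def can_read(self, subject, partition):
        if partition in self.emergency_partitions:
            return (self.emergency_active
                    and subject in self.emergency_grants
                    and subject in self.trusted_path_sessions)
        if partition in self.normal_partitions:
            # Mandatory policy for normal domains: read at or below clearance.
            return (LEVELS[self.subject_clearance[subject]]
                    >= LEVELS[self.normal_partitions[partition]])
        return False  # unknown partition: default deny


def demo():
    # Constructed scenario: a firefighter needs the floor plans only during
    # the declared emergency; the SECRET "ops" partition stays off limits.
    k = TransientTrustKernel(
        normal_partitions={"public": "UNCLASSIFIED", "ops": "SECRET"},
        emergency_partitions={"floorplans"},
        subject_clearance={"firefighter": "UNCLASSIFIED", "officer": "SECRET"},
    )
    before = k.can_read("firefighter", "floorplans")
    k.declare_emergency({"firefighter"})
    no_trusted_path = k.can_read("firefighter", "floorplans")
    k.trusted_path_login("firefighter", "pin-1234", "pin-1234")  # constructed
    during = k.can_read("firefighter", "floorplans")
    not_granted = k.can_read("officer", "floorplans")
    ops_denied = k.can_read("firefighter", "ops")
    k.end_emergency()
    after = k.can_read("firefighter", "floorplans")
    return before, no_trusted_path, during, not_granted, ops_denied, after
```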