ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Digital Library logoTake a look at the new version of this page: [ beta version ]. Tell us what you think.
MYSEA: the monterey security architecture
Full text PdfPdf (1.36 MB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 2009 ACM workshop on Scalable trusted computing table of contents
Chicago, Illinois, USA
SESSION: Architectural approaches to secure computing table of contents
Pages: 39-48  
Year of Publication: 2009
ISBN:978-1-60558-788-2
Authors
Cynthia E. Irvine  Naval Postgraduate School, Monterey, CA, USA
Thuy D. Nguyen  Naval Postgraduate School, Monterey, CA, USA
David J. Shifflett  Naval Postgraduate School, Monterey, CA, USA
Timothy E. Levin  Naval Postgraduate School, Monterey, CA, USA
Jean Khosalim  Naval Postgraduate School, Monterey, CA, USA
Charles Prince  Naval Postgraduate School, Monterey, CA, USA
Paul C. Clark  Naval Postgraduate School, Monterey, CA, USA
Mark Gondree  Naval Postgraduate School, Monterey, CA, USA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 23,   Downloads (12 Months): 63,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1655108.1655115
What is a DOI?

ABSTRACT

Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend and inter-operate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel secure solutions. This results in an architecture that meets two compelling requirements: first, that users have a familiar work environment, and, second, that critical mandatory security policies are enforced.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
AFCEA. The Need to Share: The U.S. Intelligence Community and Law Enforcement. http://www.afcea.org/mission/intel/documents/ SpringIntel07whitepaper 000.pdf (Last checked: 3 Aug 2009), Fairfax, VA, April 2007.
 
2
J. P. Anderson. Computer security technology planning study. Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA, 1972. (Also available as Vol. I,DITCAD-758206. Vol. II, DITCAD-772806).
 
3
M. Anderson , C. North , J. Griffin , R. Milner , J. Yesberg , K. Yiu, Starlight: Interactive Link, Proceedings of the 12th Annual Computer Security Applications Conference, p.55, December 09-13, 1996
 
4
C. Aurrecoechea, A. Campbell, and L. Hauw. A Survey of Quality of Service Architectures. Multimedia Systems Journal, 1996.
 
5
L. BAE Systems Information Technology. Security Target, Version 1.11 for XTS-400 Version 6. BAE, December 2004.
 
6
S. Balmer. Framework for a High-Assurance Security Extension to Commercial Network Clients. Master's thesis, Naval Postgraduate School, Monterey, CA, September 1999.
 
7
S. R. Balmer and C. E. Irvine. Analysis of Terminal Server Architectures for Thin Clients in a High Assurance Network. In Proc. National Information Systems Security Conf., pages 192--202, Baltimore, MD, October 2000.
 
8
S. Bartram. Supporting a Trusted Path for the Linux Operating System. Master's thesis, Naval Postgraduate School, Monterey, CA, June 2000.
 
9
T. J. Baumgartner and M. D. W. Phillips. Implementation of a Network Address Translation Mechanism Over IPv6. Master's thesis, Naval Postgraduate School, Monterey, CA, June 2004.
 
10
D. Bell and L. La Padula. Secure computer systems: A mathematical model. Technical Report MTR-2547, Vol 2, MITRE Corp., Bedford, MA, Nov. 1973.
 
11
E. Bersack. Implementation of a HTTP (Web) Server on a High Assurance Multilevel Secure Platform. Master's thesis, Naval Postgraduate School, Monterey, CA, December 2000.
 
12
K. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, Mitre, Bedford, MA, Apr. 1977.
 
13
Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
 
14
T. L. Borden , J. P. Hennessy , J. W. Rymarczyk, Multiple operating systems on one processor complex, IBM Systems Journal, v.28 n.1, p.104-123, 1989
 
15
E. Brown. SMTP on a High Assurance Multilevel Server. Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
 
16
S. Bryer-Joyner and S. Heller. Secure Local Area Network Services for a High-Assurance Multilevel Network. Master's thesis, Naval Postgraduate School, Monterey, CA, March 1999.
 
17
S. Bui. Single Sign-On Solution For MYSEA Services. Master's thesis, Naval Postgraduate School, Monterey, California, September 2005.
 
18
CCMB. Common Criteria for Information Technology Security Evaluation. Number CCMB-2006-09-001. Common Criteria Maintenance Board, 3.1 revision 1 edition, September 2006.
 
19
S. Chatterjee, B. Sabata, and J. Sydir. ERDoS QOS Architecture. Technical Report ITAD-1667-TR-98-075, SRI Intl., Menlo Park, CA, May 1998.
 
20
P. C. Clark, T. E. Levin, C. E. Irvine, and D. J. Shifflett. DNS and Multilevel Secure Networks. Technical report, Naval Postgraduate School, Monterey, California, February 2009.
 
21
R. C. Cooper. Remote Application Support in a Multi-Level Environment. Master's thesis, Naval Postgraduate School, March 2005.
 
22
D. E. Denning, T. F. Lunt, R. R. Schell, W. Shockley, and M. Heckman. Security Policy and Interpretation for a Class A1 Multilevel Secure Relational Database System. In Proc. 1988 IEEE Symposium on Security and Privacy, Oakland, CA, April 1988.
 
23
J. P. Downey and D. A. Robb. Design of a High Assurance Multilevel Mail Server (HAMMS). Master's thesis, Naval Postgraduate School, Monterey, CA, 1997.
 
24
B. Eads. Developing a High Assurance Multilevel Mail Server. Master's thesis, Naval Postgraduate School, Monterey, CA, March 1999.
 
25
M. Egan. An Implementation Of Remote Application Support In A Multilevel Environment. Master's thesis, Naval Postgraduate School, Monterey, California, March 2006.
 
26
T. Everette. Enhancement of Internet Message Access Protocol for UserFriendly Multilevel Mail Management. Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
 
27
J. Froscher, M. Kang, J. Mcdermott, O. Costich, and C. E. Landwehr. A Practical Approach to High Assurance Multilevel Secure Computing Service. In Proc. Computer Security Applications Conf., pages 2--11, Orlando, FL, December 1994.
 
28
C. Gilkey. Proof of concept integration of a single-level service-oriented architecture into a multi-domain secure environment. Master's thesis, Naval Postgraduate School, Monterey, CA, March 2008.
 
29
R. Goldberg. Architectural Principles for Virtual Computer Systems. PhD thesis, Harvard University, Cambridge, MA, 1972.
 
30
J. Hackerson. Design of a Trusted Computing Base Extension for Commercial Off-The-Shelf Workstations (TCBE). Master's thesis, Naval Postgraduate School, Monterey, CA, September 1997.
 
31
T. Hinke. The Trusted Approach to Multilevel Security. In Proc. Computer Security Applications Conf., pages 335--341, December 1990.
 
32
IRTPA. Intelligence reform and terrorism prevention act of 2004. http://thomas.loc.gov/cgi-bin/query/D?c108:4:./temp/ c108PvI049::, 28 January 2004.
 
33
C. E. Irvine, T. Acheson, and M. F. Thompson. Building Trust into a Multilevel File System. In Proc. 13th National Computer Security Conf, pages 450--459, Washington, DC, October 1990.
 
34
C. E. Irvine, T. Levin, J. D. Wilson, D. Shifflett, and B. Pereira. An Approach to Security Requirements Engineering for a High Assurance System. Requirements Engineering, 7(4):192--208, 2002.
35
Cynthia Irvine , Timothy Levin, Quality of security service, Proceedings of the 2000 workshop on New security paradigms, p.91-99, September 18-21, 2000, Ballycotton, County Cork, Ireland  [doi>10.1145/366173.366195]
 
36
C. E. Irvine, T. E. Levin, T. D. Nguyen, D. Shifflett, J. Khosalim, P. C. Clark, A. Wong, F. Afinidad, D. Bibighaus, and J. Sears. Overview of a High Assurance Architecture for Distributed Multilevel Security. In Proc. 2004 IEEE Systems Man and Cybernetics Information Assurance Workshop, pages 38--45, West Point, NY, June 2004.
 
37
C. E. Irvine, D. J. Shifflett, P. C. Clark, T. E. Levin, and G. W. Dinolt. MYSEA Security Architecture. Technical Report NPS-CS-02-006, Naval Postgraduate School, Monterey, CA, May 2002.
 
38
C. E. Irvine, D. J. Shifflett, P. C. Clark, T. E. Levin, and G. W. Dinolt. Monterey Security Enhanced Architecture Pro ject. In DARPA DISCEX Conf., pages 176--181, April 2003.
 
39
C. E. Irvine, D. J. Shifflett, P. C. Clark, T. E. Levin, and G. W. Dinolt. MYSEA Technology Demonstration. In DARPA DISCEX Conf., volume II, pages 10--12, April 2003.
 
40
M. H. Kang , J. N. Froscher , B. J. Eppinger, Towards an Infrastructure for MLS Distributed Computing, Proceedings of the 14th Annual Computer Security Applications Conference, p.91, December 07-11, 1998
 
41
Myong H. Kang , Andrew P. Moore , Ira S. Moskowitz, Design and Assurance Strategy for the NRL Pump, Computer, v.31 n.4, p.56-64, April 1998  [doi>10.1109/2.666843]
 
42
P. A. Karger, M. E. Zurko, D. W. Bonin, A. H. Mason, and C. E. Kahn. A VMM Security Kernel for the VAX Architecture. In Proc. IEEE Symposium Research on Security and Privacy, pages 2--19, Oakland, CA, 1990.
43
Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973  [doi>10.1145/362375.362389]
 
44
C. Lavelle. A preliminary analysis for porting XML-based chat to MYSEA. Master's thesis, Naval Postgraduate School, Monterey, California, June.
 
45
T. E. Levin, C. E. Irvine, T. V. Benzel, G. Bhaskara, P. C. Clark, and T. D. Nguyen. Design Principles and Guidelines for Security. Technical Report NPS-CS-07-014, Naval Postgraduate School, Monterey, California, November 2007.
 
46
T. E. Levin, C. E. Irvine, and T. D. Nguyen. Least privilege in separation kernels. In J. Filipe and M. S. Obaidat, editors, E-business and Telecommunication Networks; Third International Conference, ICETE 2006, Set'ubal, Portugal, August 7-10, 2006, volume 9 of Communications in Computer and Information Science. Springer, 2008.
 
47
T. E. Levin, C. E. Irvine, and E. Spyropoulou. Quality of Security Service: Adaptive Security, volume 3, pages 1016--1025. John Wiley and Sons, Hoboken, NJ, January 2006.
 
48
J. Linn. Generic Security Service Application Program Interface Version 2, Update 1, 2000.
 
49
P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. Technical report, National Security Agency, October 2001.
 
50
T. F. Lunt, R. R. Schell, W. Shockley, M. Heckman, and D. Warren. A Near-Term Design for the SeaView Multilevel Database System. In Proc. IEEE Symposium on Security and Privacy, pages 234--244, Oakland, 1988.
 
51
Microsoft. Windows 2000 Evaluated Configuration Administrator's Guide, Version 1.0. Technical report, Microsoft Corporation, Redmond, WA, 2002.
 
52
P. Myers. Subversion: The Neglected Aspect of Computer Security. Master's thesis, Naval Postgraduate School, Monterey, CA, 1980.
 
53
NCSC. A guide to understanding ob ject reuse in trusted systems. Technical Report NCSC TG-018, National Computer Security Center (NCSC), Fort George G. Meade, MD, 1991.
 
54
T. D. Nguyen, C. E. Irvine, and T. E. Levin. A Testbed for High Assurance and Dynamic Security. Technical Report NPS-CS-08-010, Naval Postgraduate School, Monterey, CA, May 2008.
 
55
T. D. Nguyen, T. E. Levin, and C. E. Irvine. MYSEA testbed. In Proc. 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop, pages 438--439, West Point, NY, June 2005.
 
56
M. O'Neal. A Design Comparison Between IPv4 and IPv6 in the Context of MYSEA, and Implementation of an IPv6 MYSEA Prototype. Master's thesis, Naval Postgraduate School, Monterey, CA, June 2003.
 
57
K. L. Ong. Design and Implementation of Wiki Services in a Multilevel Secure Environment. Master's thesis, Naval Postgraduate School, Monterey, California, December 2007.
 
58
K. L. Ong, T. D. Nguyen, and C. E. Irvine. Implementation of a Multilevel Wiki for Cross-Domain Collaboration. In Proc. Third International Conf. on i-Warfare and Security, pages 293--304, Omaha, NB, April 2008.
 
59
A. Ott. The Rule Sett Based Access Control (RSBAC) Linux Kernel Security Extension. In 8th International Linux Kongress, Enschede, Netherlands, November 2001. Linux-Kongress.
 
60
B. Pomeroy , S. Wiseman, Private Desktops and Shared Store, Proceedings of the 14th Annual Computer Security Applications Conference, p.190, December 07-11, 1998
 
61
A. D. Portner. A prototype of multilevel data integration in the MYSEA testbed. Master's thesis, Naval Postgraduate School, Monterey, California, September 2007.
 
62
John Scott Robin , Cynthia E. Irvine, Analysis of the Intel Pentium's ability to support a secure virtual machine monitor, Proceedings of the 9th conference on USENIX Security Symposium, p.10-10, August 14-17, 2000, Denver, Colorado
 
63
R. K. Rossetti. A Mail File Administration Tool for a Multilevel High Assurance LAN. Master's thesis, Naval Postgraduate School, Monterey, CA, September 2000.
 
64
J. Rushby , B. Randell, A Distributed Secure System, Computer, v.16 n.7, p.55-67, July 1983  [doi>10.1109/MC.1983.1654443]
 
65
J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proc. IEEE, 63(9):1278--1308, 1975.
 
66
C. Sanders. Information Support to Multinational Operations. The Edge, 5(2), July 2001.
 
67
P. A. Schneck and K. Schwann. Dynamic Authentication for High-Performance Networked Applications. Technical Report GIT-CC-98-08, Georgia Institute of Technology College of Computing, 1998.
68
Michael D. Schroeder , Jerome H. Saltzer, A hardware architecture for implementing protection rings, Communications of the ACM, v.15 n.3, p.157-170, March 1972  [doi>10.1145/361268.361275]
 
69
J. D. Sears. Simultaneous Connection Management and Protection in a Distributed Multilevel Security Environment,. Master's thesis, Naval Postgraduate School, Monterey, CA, September 2004.
 
70
W. R. Shockley and R. R. Schell. TCB subsets for incremental evaluation. In Proc. Third AIAA Conf. on Computer Security, pages 131--139, December 1987.
 
71
S. Smalley and T. Fraser. A Security Policy Configuration for Security-Enhanced Linux. Technical report, NAI Labs, January 2001.
 
72
Sun Microsystems, Palo Alto, CA. Trusted Solaris Security Features Users Guide, 1994.
 
73
T. F. Tenhunen. Implementing an Intrusion Detection System in the MYSEA Architecture. Master's thesis, Naval Postgraduate School, Monterey, California, June 2008.
 
74
R. C. Vernon. A design for sensing the boot type of a trusted platform module enabled computer. Master's thesis, Naval Postgraduate School, Monterey, California, September 2005.
 
75
R. C. Vernon, C. E. Irvine, and T. E. Levin. Toward a boot odometer. In Proceedings from the 7th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2006.
 
76
Wang Government Services, Inc., McLean, VA. XTS-300 User's Manual, Document ID: FS92-373-07, March 1998.
 
77
Lonnie R. Welch , Michael W. Masters , Leslie A. Madden , David T. Marlow , Philip M. Irey, IV , Paul V. Werme , Behrooz Shirazi, A Distributed System Reference Architecture for Adaptive QoS and Resource Management, Proceedings of the 11 IPPS/SPDP'99 Workshops Held in Conjunction with the 13th International Parallel Processing Symposium and 10th Symposium on Parallel and Distributed Processing, p.1316-1326, April 12-16, 1999
 
78
J. Wilson. Trusted Networking in a Multilevel Secure Environment. Master's thesis, Naval Postgraduate School, Monterey, CA, June 2000.
 
79
P. Wolfowitz, "Global Information Grid (GIG) overarching policy" U.S. Department of Defense, directive number 8100.1, 19 September 2002.

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.7 Organization and Design


General Terms:
Design, Security


Keywords:
access controls, authentication, cryptographic controls, information flow controls

Collaborative Colleagues:
Cynthia E. Irvine: colleagues
Thuy D. Nguyen: colleagues
David J. Shifflett: colleagues
Timothy E. Levin: colleagues
Jean Khosalim: colleagues
Charles Prince: colleagues
Paul C. Clark: colleagues
Mark Gondree: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2010 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player