Organizational Unit:
Center for Cybersecurity and Cyber Operations (C3O)

Date Established
1996
Description
C3O is America's foremost center for defense-related research and education in software security, inherently trustworthy systems, cybersecurity defense, and the use of computational systems in both defensive and adversarial cyber operations.

Prior to 2017 this Center was known as the Center for Information Systems Security Studies and Research (CISR).
Type
Center

Publication Search Results

  • Publication
    Scholarship for Service Student Handbook
    (Monterey, CA; Naval Postgraduate School, 2003-10-06) Center for Cybersecurity and Cyber Operations (C3O)
  • Publication
    Least Privilege in Separation Kernels
    (International Conference on Security and Cryptography, Setubal, Portugal, 2006-08-00) Levin, Timothy E.; Irvine, Cynthia E.; Nguyen, Thuy D.; Center for Cybersecurity and Cyber Operations (C3O); Computer Science (CS)
    We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal, finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects provides enhanced protection for secure systems.
  • Publication
    Toward Quality of Security Service in a Resource Management System Benefit Function
    (Proceedings of the 2000 Heterogeneous Computing Workshop, 2000-05-00) Irvine, Cynthia E.; Levin, Timothy E.; Center for Cybersecurity and Cyber Operations (C3O); Computer Science (CS); Anteon Corporation
    This paper examines the architectural and security impact of using commercially available, popular terminal servers to support thin clients within the context of a high assurance multilevel network. Seven potential local area network architectures were analyzed for security and utility. Three secure configurations were identified: Multiple Terminal Servers in Series; Multiple Trusted Computing Base Extension-Enhanced Terminal Servers; and Terminal Servers on a High Assurance Virtual Machine Monitor.
  • Publication
    A least privilege model for static separation kernels
    (Monterey, CA; Naval Postgraduate School, 2004-10) Levin, Timothy E.; Irvine, Cynthia E.; Nguyen, Thuy D.; Center for Cybersecurity and Cyber Operations (C3O); Computer Science (CS)
    We extend the separation kernel abstraction to represent the enforcement of the principle of least privilege. In addition to the inter-block flow control policy prescribed by the traditional separation kernel paradigm, we describe an orthogonal finer-grained flow control policy by extending the protection of elements to subjects and resources, as well as blocks, within a partitioned system. We show how least privilege applied to the actions of subjects and resources provides enhanced protection for secure systems, and how only trusted subjects may cause certain information flows between partitions. A high assurance separation kernel based on least privilege can provide all of the functionality and protection of the traditional separation kernel, combined with a high level of confidence that the effects of subjects' activities can be minimized to their intended scope.
  • Publication
    SmartNet: A Scheduling Framework for Heterogeneous Computing
    (1996) Freund, Richard; Kidd, Taylor; Moore, Lantz; Hensgen, Debbie; Center for Cybersecurity and Cyber Operations (C3O)
    SmartNet is a scheduling framework for heterogeneous systems. Preliminary conservative simulation results for one of the optimization criteria show a 1.21 improvement over Load Balancing and a 25.9 improvement over Limited Best Assignment, the two policies that evolved from homogeneous environments. SmartNet achieves these improvements through the implementation of several innovations. It recognizes and capitalizes on the inherent heterogeneity of computers in today’s distributed environments; it recognizes and accounts for the underlying non-determinism of the distributed environment; it implements an original partitioning approach, making runtime prediction more accurate and useful; it effectively schedules based on all shared resource usage, including network characteristics; and it uses statistical and filtering techniques, making a greater amount of prediction information available to the scheduling engine. In this paper, the issues associated with automatically managing a heterogeneous environment are reviewed, SmartNet’s architecture and implementation are described, and performance data is summarized.
  • Publication
    A Cloud-Oriented Cross-Domain Security Architecture
    (Military Communications Conference (MILCOM 2010), San Jose, CA, 2010-11-07) Nguyen, Thuy D.; Gondree, Mark A.; Shifflet, David J.; Khosalim, Jean; Levin, Timothy E.; Irvine, Cynthia E.; Center for Cybersecurity and Cyber Operations (C3O); Electrical and Computer Engineering (ECE)
    The Monterey Security Architecture addresses the need to share high-value data across multiple domains of different classification levels while enforcing information flow policies. The architecture allows users with different security authorizations to securely collaborate and exchange information using commodity computers and familiar commercial client software that generally lack the prerequisite assurance and functional security protections. MYSEA seeks to meet two compelling requirements, often assumed to be at odds: enforcing critical, mandatory security policies, and allowing access and collaboration in a familiar work environment. Recent additions to the MYSEA design expand the architecture to support a cloud of cross-domain services, hosted within a federation of multilevel secure (MLS) MYSEA servers. The MYSEA cloud supports single sign-on, service replication, and network-layer quality of security service. This new cross domain, distributed architecture follows the consumption and delivery model for cloud services, while maintaining the federated control model necessary to support and protect cross domain collaboration within the enterprise. The resulting architecture shows the feasibility of high-assurance, cross-domain services hosted within a community cloud suitable for interagency, or joint, collaboration. This paper summarizes the MYSEA architecture and discusses MYSEA's approach to provide an MLS-constrained cloud computing environment.
  • Publication
    The Relative Performance of Various Mapping Algorithms is Independent of Sizable Variances in Run-time Predictions
    (IEEE, 1998) Armstrong, Robert; Hensgen, Debra; Kidd, Taylor; Center for Cybersecurity and Cyber Operations (C3O)
    In this paper we study the performance of four mapping algorithms. The four algorithms include two naive ones: Opportunistic Load Balancing (OLB), and Limited Best Assignment (LBA), and two intelligent greedy algorithms: an O(nm) greedy algorithm, and an O(n^2 m) greedy algorithm. All of these algorithms, except OLB, use expected run-times to assign jobs to machines. As expected run-times are rarely deterministic in modern networked and server based systems, we first use experimentation to determine some plausible run-time distributions. Using these distributions, we next execute simulations to determine how the mapping algorithms perform. Performance comparisons show that the greedy algorithms produce schedules that, when executed, perform better than naive algorithms, even though the exact run-times are not available to the schedulers. We conclude that the use of intelligent mapping algorithms is beneficial, even when the expected time for completion of a job is not deterministic.
  • Publication
    A Common Criteria-Based Team Project for High Assurance System Education
    (2005-05) Irvine, Cynthia E.; Center for Cybersecurity and Cyber Operations (C3O); Computer Science (CS)
    Most courses in information security do not provide students with practical experience in high assurance development. To complement a course in secure systems that focuses on foundational principles of constructive security, a laboratory project that requires students to work in teams while meeting Common Criteria Evaluation Assurance Level (EAL) 6 assurance requirements has been created. The objectives, structure, and experience with this laboratory project are described.
  • Publication
    Building Trust Into A Multilevel File System
    (Proceedings, 13th National Computer Security Conference, 1990-00-00) Irvine, Cynthia E.; Center for Cybersecurity and Cyber Operations (C3O); Computer Science (CS)
    File systems are an intrinsic part of any operating system providing support for a general application environment. To help provide general operating system functionality, a multilevel file system is being built to run on the GEMSOS TCB. The process of designing a file system for a multilevel environment, although similar in many respects to that for its untrusted counterpart, should include consideration of factors which will render its structure consistent with the trusted environment upon which it is built. The file system should take advantage of the security mechanisms available from the TCB. In this paper, two techniques are described which contribute to building trust into a file system design. The first is the use of mandatory access controls as a constraining design guide, and the second is the use of the intended discretionary access control policy as a driver for design choices.
  • Publication
    Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems
    (IEEE, 2007-05-01) Huffmire, Ted; Brotherton, Brett; Wang, Gang; Sherwood, Timothy; Kastner, Ryan; Levin, Timothy; Nguyen, Thuy D.; Irvine, Cynthia E.; Center for Cybersecurity and Cyber Operations (C3O)
    Blurring the line between software and hardware, reconfigurable devices strike a balance between the raw high speed of custom silicon and the post-fabrication flexibility of general-purpose processors. While this flexibility is a boon for embedded system developers, who can now rapidly prototype and deploy solutions with performance approaching custom designs, this results in a system development methodology where functionality is stitched together from a variety of soft IP cores, often provided by multiple vendors with different levels of trust. Unlike traditional software where resources are managed by an operating system, soft IP cores necessarily have very fine grain control over the underlying hardware. To address this problem, the embedded systems community requires novel security primitives which address the realities of modern reconfigurable hardware. We propose an isolation primitive, moats and drawbridges, that are built around four design properties: logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing. Each of these is a fundamental operation with easily understood formal properties, yet maps cleanly and efficiently to a wide variety of reconfigurable devices. We carefully quantify the required overheads on real FPGAs and demonstrate the utility of our methods by applying them to the practical problem of memory protection.