Single sign-on solution for MYSEA services

Abstract

The Monterey Security Architecture (MYSEA) is a trusted distributed environment enforcing multilevel security policies. To provide a scaleable architecture, a federation of MYSEA servers handles service requests. However, the introduction of multiple servers creates security and usability problems associated with multiple user logins. A single sign-on solution for the MYSEA server federation is needed. After user authenticates once to a single MYSEA server, the user's credentials are used to sign on to the other MYSEA servers. The goal of this thesis is to create a high-level design and specification of a single sign-on framework for MYSEA. This has entailed a review and comparison of existing single sign-on architectures and solutions, a study of the current MYSEA design, the development of a new architecture for single sign-on, an analysis of single signon threats within a MYSEA context, a derivation of single sign-on objectives in MYSEA, leading up to the security requirements for single sign-on in MYSEA. Security and functionality are the main driving factors in the design. Others factors include performance, reliability, and the feasibility of integration into the existing MYSEA MLS network. These results will serve as a basis for a detailed design and future development of sign-on in MYSEA.