Secure local area network services for a high assurance multilevel network

Abstract

To reduce the cost and complexity of the current DoD information infrastructure, a Multilevel Secure (MLS) network solution eliminating hardware redundancies is required. Implementing a high assurance MLS LAN requires the ability to extend a trusted path over a TCP/IP network. No high assurance network trusted path mechanisms currently exist. We present a design and proof- of-concept implementation for a Secure LAN Server that provides the trusted path between a trusted computing base extension (TCBE) servicing a COTS PC and protocol servers executing at single sensitivity levels on the XTS-300. The trusted path establishes high assurance communications (over a TCP/IP network) between a TCBE and the Secure LAN Server. This trusted channel is used first for user authentication, then as a trusted relay between the protocol server and TCBE. All transmitted data passed over the LAN can be protected by encryption, providing assurance of integrity and confidentiality for the data. This thesis documents the implementation of a demonstration prototype Secure LAN Server using existing technology, including high assurance systems, COTS hardware, and COTS software, to provide access to multilevel data in a user-friendly environment. Our accomplishment is crucial to the development of a full scale MLS LAN.