Secure local area network services for a high assurance multilevel network

Author
BryerJoyner, Susan
Heller, Scott D.
Date
1999-03
Advisor
Anderson, James P.
Irvine, Cynthia E.
Abstract
To reduce the cost and complexity of the current DoD information infrastructure, a Multilevel Secure (MLS) network solution eliminating hardware redundancies is required. Implementing a high assurance MLS LAN requires the ability to extend a trusted path over a TCP/IP network. No high assurance network trusted path mechanisms currently exist. We present a design and proof-of-concept implementation for a Secure LAN Server that provides the trusted path between a trusted computing base extension (TCBE) servicing a COTS PC and protocol servers executing at single sensitivity levels on the XTS-300. The trusted path establishes high assurance communications (over a TCP/IP network) between a TCBE and the Secure LAN Server. This trusted channel is used first for user authentication, then as a trusted relay between the protocol server and TCBE. All transmitted data passed over the LAN can be protected by encryption, providing assurance of integrity and confidentiality for the data. This thesis documents the implementation of a demonstration prototype Secure LAN Server using existing technology, including high assurance systems, COTS hardware, and COTS software, to provide access to multilevel data in a user-friendly environment. Our accomplishment is crucial to the development of a full scale MLS LAN.
Related items
Showing items related by title, author, creator and subject.
- Simultaneous connection management and protection in a distributed multilevel security environment
  Sears, Joseph D. (Monterey, California. Naval Postgraduate School, 2004-09)
  The Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) is designing and developing a distributed multilevel secure (MLS) network known as the Monterey Security Architecture (MYSEA). ...
- Analysis for a trusted computing base extension prototype board
  Turan, Bora (Monterey, California. Naval Postgraduate School, 2000-03)
  Agencies, institutions, individuals are demanding the use of commercial-off-the-shelf systems and cannot enforce mandatory security policies with these systems, which are equipped only with discretionary access controls. ...
- Framework for a high-assurance security extension to commercial network clients
  Balmer, Steven R. (Monterey, California. Naval Postgraduate School, 1999-09)
  The Department of Defense and U.S. Government have an identified need to securely share information classified at differing security levels. Because there exist no commercial solutions to this problem, NPS is developing a ...