A multilevel secure constrained intrusion detection system prototype

Abstract

The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure (MLS) environment consisting of a MLS local area network (LAN) and multiple single-level networks. The MYSEA server enforces a mandatory access control policy to ensure that users can only access data for which they are authorized. Intrusion detection systems (IDS) placed on a single-level network can store the alerts in the IDS databases at the same classification level as the network being monitored. As most databases do not support the enforcement of mandatory security policies, access to these databases is restricted to singlelevel access only. Thus, administrators are not presented with a coherent view of IDS alerts from all of the connected networks. The objective of this thesis is to design a database proxy to allow administrators to view and analyze IDS information at multiple classification levels while enforcing the systems overall mandatory policy. Based on the derived concept of operations and the requirements, a design for the database proxy that mediates access to databases at different levels was conceived. A prototype database proxy was implemented along with modifications to a web-based analysis tool to allow the viewing and analysis of IDS information at multiple classification levels.