Implementation of a Multilevel Wiki for Cross-Domain Collaboration

Download
Author
Ong, Kar Leong
Nguyen, Thuy D.
Irvine, Cynthia E.
Date
2008-04-01Metadata
Show full item recordAbstract
The pace of modern warfare requires tools that support intensive, ongoing collaboration between participants. Wiki technology provides a hypertext content-based collaborative authoring and information sharing environment that includes the ability to create links to other web contents, relative stability, ease of use, and logging features for tracking contributions and modifications. Military environments impose a requirement to enforce national policies regarding authorized access to classified information while satisfying the intent of wikis to provide an open context for content sharing. The Global Information Grid (GIG) vision calls for a highly flexible multilevel environment. The Monterey Security Architecture (MYSEA) Test-bed provides a distributed high assurance multilevel networking environment where authenticated users securely access data and services at different classification levels. The MYSEA approach is to provide users with unmodified commercial-off-the-shelf office productivity tools while enforcing a multilevel security (MLS) policy with high assurance. The extensible Test-bed architecture is designed with strategically placed trusted components that comprise the distributed TCB, while untrusted commercial clients support the user interface. We have extended the collaboration capabilities of MYSEA through the creation of a multilevel wiki. This wiki permits users who access the system at a particular sensitivity level to read and post information to the wiki at that level. Users at higher sensitivity levels may read wiki content at lower security levels and may post information at the higher security level. The underlying MLS policy enforcement mechanisms prevent low users from accessing higher sensitivity information. The multilevel wiki was created by porting a publicly available wiki engine to run on the high assurance system hosting the MYSEA server. A systematic process was used to select a wiki for the MYSEA environment. TWiki was chosen. To simplify identification of errors that might arise in the porting process, a three-stage porting methodology was used. Functional and security tests were performed to ensure that the wiki engine operates properly while being constrained by the underlying policy enforcement mechanisms of the server. An objective in designing the test plans was to ensure adequate test coverage, while avoiding a combinatoric explosion of test cases. Repeatable regression testing procedures were also produced. A conflict between the application-level DAC policy of the wiki and that of the MYSEA server was identified and resolved.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
An implementation of remote application support in a multilevel environment
Egan, Melissa K. (Monterey, California. Naval Postgraduate School, 2006-03);There is a growing need for high-assurance architectures that support mandatory confidentiality and integrity policies. One such architecture currently under development is the Monterey Security Architecture (MYSEA), a ... -
Use of OpenSSH support for remote login to a multilevel secure system
Herbig, Christopher Fred (Monterey, California. Naval Postgraduate School, 2004-12);Complex multilevel secure (MLS) architectures are emerging that require user identification and authentication services not only from multilevel connections, but from pre-existing single level networks. The XTS-400 can be ... -
Design and implementation of NFS for a multilevel secure system
Phan, Kandy Q. (Monterey, California. Naval Postgraduate School, 2004-03);Popular software for high assurance systems is not readily available. Developers do not want to develop or port applications for secure systems because of the perception that high assurance development is too time consuming, ...