A Multilevel File System for High Assurance
Irvine, Cynthia E.
MetadataShow full item record
The designs of applications for multilevel systems cannot merely duplicate those of the untrusted world. When applications are built on a high assurance base they will be constrained by the underlying policy enforcement mechanism_ Consideration must be given to the creation and management of multilevel data structures by untrusted subjects_ Applications should be designed to rely upon the TCB s security policy enforcement services rather than build new access control services beyond the TCB perimeter The results of an analysis of the design of a general purpose le system developed to execute as an untrusted application on a high assurance TCB are presented. The design illustrates a number of solutions to problems resulting from a high assurance environment.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Hackerson, Jason X. (Monterey, California. Naval Postgraduate School, 1998-09);United States policy requires that access to and dissemination of classified information be controlled. Separate networks and workstations for each classification do not meet user requirements. Users also need commercially ...
Egan, Melissa K. (Monterey, California. Naval Postgraduate School, 2006-03);There is a growing need for high-assurance architectures that support mandatory confidentiality and integrity policies. One such architecture currently under development is the Monterey Security Architecture (MYSEA), a ...
A demonstration of a trusted computer interface between a multilevel secure command and control system and untrusted tactical data systems. Rector, George E. Jr. (1987-03);The task of this research is to demonstrate a multilevel secure interface between a system operating at multiple security levels and other untrusted systems operating at a single security level. Without a trusted interface ...