Analysis for a trusted computing base extension prototype board

Agencies, institutions, individuals are demanding the use of commercial-off-the-shelf systems and cannot enforce mandatory security policies with these systems, which are equipped only with discretionary access controls. An inexpensive implementation of a multilevel secure local area network utilizing commercial-off-the- shelf hardware and software does not exist. The Naval Postgraduate School (NPS) is developing a Multilevel Secure Local Area Network (MLS LAN) to provide secure information sharing, classified at different security levels. The MLS LAN extends the high assurance of an evaluated multilevel secure System to a LAN that is formed by commercial personal computers (PCs) running commercial operating systems and office productivity software. The MLS LAN accomplishes the defined functionality by using custom boards which are designed to be plugged into personal computers. The boards are named the Trusted Computing Base Extension (TCBE). The TCBE is intended to provide trusted path and object reuse supporting services to the network TCB. This thesis describes the hardware and software components, structures, interfaces required for the TCBE to complete a trusted path and control the client PC. Potential implementations are suggested and analyzed for security implications. A preliminary TCBE prototype has been constructed and tested for selected TCBE functions. It is shown that the TCBE prototype can be made both non-by-passable and tamper resistant.http://archive.org/details/analysisfortrust109459388Turkish Navy author.Approved for public release; distribution is unlimited

Delegating Network Security with More Information

Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be able to cope, the administrator needs to delegate some control back to end-hosts and users, a capability that is missing in today's networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident++ - a simple protocol to request additional information from end-hosts and networks on the path of a flow. ident++ allows users and end-hosts to participate in network security enforcement by providing information that the administrator might not have or rules to be enforced on their behalf. In this paper we describe ident++ and how it provides delegation and enables flexible and powerful policies.United States. Dept. of Homeland Security (Scholarship and Fellowship Program)United States. Dept. of EnergyOak Ridge Institute for Science and Educatio

Considerations for a shipboard multilevel secure local area network

This thesis investigates the possibility of implementing a multilevel secure local area network on a medium-sized ship. In particular it focuses on medium-sized ship communications suite connectivity to a GateGuard computer system, and then on incorporating systems that have been developed under the Navy's transition plan for the Defense Message System; specifically the Multilevel Mail Server being installed at Navy Telecommunications Centers. A review of data communications security considerations as well as DoD and Navy directives is provided for background on the accreditation requirements of multilevel secure systems. Additionally two commercially available products, the VERDIX Secure Local Area Network and Trusted Information Systems' XENIX trusted operating system arc reviewed and then shown how they could potentially be integrated into a shipboard local area network. A potential configuration is provided with recommendation for further studs of system application compatibility.http://archive.org/details/considerationsfo00rileLieutenant Commander, United States NavyApproved for public release; distribution is unlimited

Framework for a high-assurance security extension to commercial network clients

The Department of Defense and U.S. Government have an identified need to securely share information classified at differing security levels. Because there exist no commercial solutions to this problem, NPS is developing a Multilevel Secure Local Area Network (MLS LAN). The MLS LAN extends the high assurance capabilities of an evaluated multilevel secure system to commercial personal computers (PCs) running commercial operating systems and office productivity software by using a Trusted Computing Base Extension (TCBE). The TCBE is intended to provide trusted path and object reuse supporting services to the network TCB. This thesis describes the physical interfaces required for the TCBE to complete a trusted path and control the client PC. Potential implementations for each interface are suggested and analyzed for security implications. Also presented is a detailed analysis of methods for delivering the Windows NT operating system (including the suitability of Terminal Server Edition) to the client PC in the MLS LAN with high assurance of properly controlled object reuse and operating system integrity.http://archive.org/details/frameworkforhigh1094513657U.S. Navy (U.S.N.) author.Approved for public release; distribution is unlimited

A trusted connection framework for multilevel secure Local Area Networks

The Naval Postgraduate School is developing a Multilevel Secure Local Area Network (MLS LAN) that incorporates commercial-off-the-shelf client workstations to provide multiple users with simultaneous secure access to stored data of different sensitivity levels. The MLS LAN uses a Trusted Computing Base Extension (TCBE) in the LAN's client workstations to extend the TCB from the trusted server across the network to these workstations. Connections between elements of the LAN are under TCB control and are conducted by way of several new communications protocols. Using a realistic System Requirements Document and a High Level Protocol Analysis, this thesis presents a framework of communications protocols that will enable the components of the MLS LAN to securely interact. The framework first presents a communications channel protocol that protects all data transmitted on the network. Following this, three other protocols are described that enable MLS LAN users to safely login and negotiate a secure session, access Application Protocol Servers that provide services such as e-mail or WWW services, and to use typical LAN-based office automation services. Finally presented is an analysis of both TLS and IPSec, which provides evidence that IPSec is best suited to provide MLS LAN communications protection.http://archive.org/details/atrustedconnecti109459182U.S. Marine Corps (U.S.M.C.) author.Approved for public release; distribution is unlimited