A High-assurance, Virtual Guard Architecture1
نویسندگان
چکیده
Although one senior security professional has emphasized that “it is unconscionable to use overly weak components” in a multilevel security (MLS) context, the majority of current transfer guards do exactly that. Basic guard technology is well-developed and has a long history, but most guards are built on low-assurance systems vulnerable to software subversion, and the lack of assurance limits the range of transfers. This paper describes a virtual guard architecture that leverages mature MLS technology previously certified and deployed across domains from TS/SCI to Unclassified. The architecture permits a single guard system to simultaneously and securely support many different transfer functions between many different domain pairs. Not only does this architecture substantially address software subversion, support adaptable information transfer policies, and have the potential to dramatically reduce (re)certification effort, the virtualized guard execution environment also promises to significantly enhance efficient and scalable use of resources.
منابع مشابه
Towards Formal Evaluation of a High-Assurance Guard
A transfer guard built on a high-assurance multilevel secure (MLS) trusted computing base (TCB) must be a trusted subject with the capability to perform downgrades not otherwise permitted by the MLS security policy. Formal evaluations of MLS systems containing trusted subjects are complicated when the trusted subjects are evaluated as part of a monolithic TCB. While welldeveloped techniques of ...
متن کاملIntroduction to the Guardol Programming Language and Verification System
Guardol is a high-level programming language intended to facilitate the construction of correct network guards. The Guardol system generates Ada code from Guardol programs. It also provides specification and automated verification support: guard specifications are formally translated to SMT format and passed to a new decision procedure dealing with functions over tree-structured data. The resul...
متن کاملArchitecture and Concepts of the ARGuE Guard
ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates’ Gauntlet firewall. By integrating capabilities developed under several government programs, we were able to create a system which is easier to extend than other guards, provides significant new features (such as integration with an intrus...
متن کاملCyberCIEGE : An Extensible Tool for Information Assurance Education
– The purpose of CyberCIEGE is to create an extensible Information Assurance (IA) teaching and learning laboratory. Through a scenario definition language, educators can create simulations to demonstrate specific IA concepts. In addition to rigorous scientific foundations, it involves the application of abstract principles to a virtual world. This hands-on virtual laboratory provides a dynamic ...
متن کامل