
A high assurance MLS file server

Published: 01 January 2007

Abstract

In this paper, we present the design of a high assurance file server model developed to operate within the Multiple Independent Levels of Security (MILS) framework. The file server model is a multilevel application that uses separation to mediate information flow, enforcing a security policy derived from a modified version of the Bell-LaPadula model and from the GWVr2 policy, a separation-kernel policy developed for high assurance architectures. This paper focuses on the design of the file server model and the underlying architecture. The purpose of the design is to develop a formal model that meets the formal methods requirement of the Common Criteria, the international standard for security evaluation of IT products, whose formal-model requirements apply at the high assurance levels. The model also serves as an example application for the MILS architecture.
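The abstract describes a file server that sits in its own partition and mediates every request twice: first against the separation kernel's interaction policy (which partitions may exchange data at all), then against a multilevel policy in the Bell-LaPadula style. The following Python is an added illustration of that two-stage check; it is not code from the paper, and the paper's modified BLP rules and the GWVr2 formalisation are not reproduced here. The level ordering, compartments, partition names, the interaction table and all sample subjects and files are constructed for the example.

```python
"""Bell-LaPadula mediation behind a MILS partition interaction policy.

Added illustration for this page, not code from the paper. The partition
table, labels, principals and files below are all constructed sample data.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Hierarchical levels; a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 iff level(L1) >= level(L2) and comps(L2) is a subset of comps(L1).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass(frozen=True)
class Subject:
    name: str
    partition: str        # MILS partition the subject runs in
    clearance: Label


@dataclass(frozen=True)
class FileObject:
    path: str
    classification: Label


FS_PARTITION = "fs"   # the file server lives in its own partition

# Constructed interaction table in the spirit of GWV's "direct interaction
# allowed" relation: (source, destination) pairs the kernel lets communicate.
DIA = frozenset({
    ("p_unclass", FS_PARTITION), (FS_PARTITION, "p_unclass"),
    ("p_secret", FS_PARTITION), (FS_PARTITION, "p_secret"),
    ("p_ts", FS_PARTITION), (FS_PARTITION, "p_ts"),
})


def blp_permits(subject: Subject, obj: FileObject, op: str) -> bool:
    """Classic BLP: simple security (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.clearance.dominates(obj.classification)
    if op == "write":
        return obj.classification.dominates(subject.clearance)
    raise ValueError(f"unknown operation {op!r}")


def mediate(subject: Subject, obj: FileObject, op: str) -> Tuple[bool, str]:
    """Decide one request. Separation is checked first: the request channel
    (partition -> fs) must exist and, for a read, so must the reply channel
    (fs -> partition). Only then is the multilevel policy consulted."""
    if (subject.partition, FS_PARTITION) not in DIA:
        return False, "separation: no channel from partition to file server"
    if op == "read" and (FS_PARTITION, subject.partition) not in DIA:
        return False, "separation: no channel from file server back to partition"
    if not blp_permits(subject, obj, op):
        rule = "simple security (no read up)" if op == "read" else "*-property (no write down)"
        return False, f"BLP: {op} of {obj.path} violates {rule}"
    return True, "allowed"


# Constructed sample principals and files.
ALICE = Subject("alice", "p_secret", Label("SECRET", frozenset({"NATO"})))
CAROL = Subject("carol", "p_secret", Label("SECRET"))
BOB = Subject("bob", "p_unclass", Label("UNCLASSIFIED"))
EVE = Subject("eve", "p_rogue", Label("TOP_SECRET"))   # partition with no channel to fs

F_UNCLASS = FileObject("/pub/readme.txt", Label("UNCLASSIFIED"))
F_SECRET = FileObject("/ops/plan.txt", Label("SECRET"))
F_SECRET_NATO = FileObject("/ops/nato/plan.txt", Label("SECRET", frozenset({"NATO"})))
F_TS = FileObject("/ts/report.txt", Label("TOP_SECRET"))

if __name__ == "__main__":
    requests = [(ALICE, F_SECRET, "read"), (ALICE, F_TS, "read"),
                (ALICE, F_TS, "write"), (CAROL, F_TS, "write"),
                (ALICE, F_UNCLASS, "write"), (CAROL, F_SECRET_NATO, "read"),
                (BOB, F_SECRET, "write"), (EVE, F_UNCLASS, "read")]
    for subj, f, op in requests:
        ok, why = mediate(subj, f, op)
        print(f"{subj.name:6} {op:5} {f.path:22} -> {'ALLOW' if ok else 'DENY '} ({why})")
```

Two of the constructed cases are worth noticing. Alice (SECRET, NATO) may read the plain SECRET file but may not write the TOP SECRET file, because that file carries no NATO compartment and the *-property compares the whole label, not just the level; Carol, who holds no compartment, may write it. Eve's TOP SECRET clearance never reaches the label check at all, since her partition has no channel to the server: that ordering is the point of putting the file server behind a separation kernel. A strict *-property also forbids every downgrade, which is why practical designs add trusted subjects or a modified policy; the abstract says the paper modifies BLP but does not say how, so this example does not guess.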

References

[1] Alves-Foss, J. and Taylor, C. An Analysis of the GWV Security Policy. ACL2 Workshop 2004, Austin, TX, Nov. 2004.
[2] Alves-Foss, J., Harrison, W. S., Oman, P., and Taylor, C. The MILS Architecture for High Assurance Embedded Systems. International Journal of Embedded Systems, in press.
[3] Bell, D. E. and LaPadula, L. Secure Computer System: Unified Exposition and Multics Interpretation. ESD-TR-75-306, MITRE Corp., Bedford, MA, 1976.
[4] Bertino, E., Jajodia, S., Mancini, L., and Ray, I. Advanced Transaction Processing in Multi-level Secure File Stores. IEEE Transactions on Knowledge and Data Engineering, 10, 1, Jan./Feb. 1998.
[5] Bishop, M. Computer Security: Art and Science. Addison-Wesley Professional, New York, NY, 2003.
[6] Canadian System Security Centre, Communications Security Establishment. The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), Version 3.0e, Jan. 1993.
[7] Commission of the European Communities. Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, June 1991.
[8] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model. Draft Version 3.0, Revision 2, CCMB-2005-07-001, June 2005.
[9] Denning, D. E., Lunt, T. F., Schell, R. R., Shockley, W. R., and Heckman, M. The SeaView Security Model. IEEE Symposium on Security and Privacy, 1988, 218--233.
[10] Foley, S. N. A Model for Secure Information Flow. IEEE Symposium on Security and Privacy, 1989, 248--258.
[11] Greve, D., Wilding, M., and Vanfleet, W. M. A Separation Kernel Formal Security Policy. ACL2 Workshop 2003, Boulder, CO, July 2003.
[12] Greve, D., Wilding, M., Richards, R., and Vanfleet, W. M. Formalizing Security Policies for Dynamic and Distributed Systems. Sep. 2004.
[13] Hall, A. Seven Myths of Formal Methods. IEEE Software, 7, 5, Sep./Oct. 1990, 11--19.
[14] Harrison, W. S., Hanebutte, N., Oman, P., and Alves-Foss, J. The MILS Architecture for a Secure Global Information Grid. CrossTalk: Journal of Defense Software Engineering, 18, 10, Oct. 2005, 20--25.
[15] Irvine, C. E. A Multilevel File System for High Assurance. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1995, 78--87.
[16] Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., and Fu, K. Plutus: Scalable Secure File Sharing on Untrusted Storage. Proceedings of the 2nd USENIX Conference on File and Storage Technologies (FAST), Mar. 2003, 29--42.
[17] Landwehr, C., Heitmeyer, C., and McLean, J. A Security Model for Military Message Systems. ACM Transactions on Computer Systems, 2, 3, Aug. 1984, 198--222.
[18] Li, J., Krohn, M., Mazières, D., and Shasha, D. Secure Untrusted Data Repository (SUNDR). Proceedings of the 6th Symposium on Operating Systems Design and Implementation (OSDI), San Francisco, CA, Dec. 2004.
[19] McLean, J. A Comment on the "Basic Security Theorem" of Bell and LaPadula. Information Processing Letters, 20, 2, Feb. 1985, 67--70.
[20] McNamee, D., Heller, S., and Huff, D. Building Multilevel Secure Web Services-Based Components for the Global Information Grid. CrossTalk: Journal of Defense Software Engineering, 19, 5, May 2006, 15--19.
[21] Richards, R., Greve, D., Wilding, M., and Vanfleet, W. M. The Common Criteria, Formal Methods and ACL2. ACL2 Workshop 2004, Austin, TX, Nov. 2004.
[22] Riedel, E., Kallahalla, M., and Swaminathan, R. A Framework for Evaluating Storage System Security. Proceedings of the USENIX Conference on File and Storage Technologies (FAST), Monterey, CA, Jan. 2002, 15--30.
[23] Rushby, J. Design and Verification of Secure Systems. Proceedings of the 8th ACM Symposium on Operating Systems Principles, Dec. 1981, 12--21.
[24] Sandhu, R. and Chen, F. The Multilevel Relational (MLR) Data Model. ACM Transactions on Information and System Security, 1, 1, Nov. 1998, 93--132.
[25] Sandhu, R. Relational Database Access Controls. Handbook of Information Security Management (1994--95 Yearbook), Auerbach Publishers, 1994, 145--160.
[26] United States Department of Defense. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD, Dec. 1985.
[27] Wahsheh, L. A. and Alves-Foss, J. Specifying and Enforcing a Multi-Policy Paradigm for High Assurance Multi-Enclave Systems. Journal of High Speed Networks, 15, 3, Oct. 2006, 315--327.
[28] Williams, J. C. and Dinolt, G. W. A Formal Model of a Trusted File Server. IEEE Symposium on Security and Privacy, 1989, 157--166.


Published In

ACM SIGOPS Operating Systems Review, Volume 41, Issue 1 (January 2007), 110 pages. ISSN 0163-5980. Issue DOI: 10.1145/1228291.

Publisher: Association for Computing Machinery, New York, NY, United States.


Cited By

  • (2013) Analysis and Improvement of BLP Model for Multi-Level Security Database. Applied Mechanics and Materials, 397-400, 2536-2539, Sep. 2013. DOI: 10.4028/www.scientific.net/AMM.397-400.2536
  • (2013) In Guards We Trust. Proceedings of the 2013 International Conference on Social Computing, 578-585, 8 Sep. 2013. DOI: 10.1109/SocialCom.2013.87
  • (2012) Security Information Flow Control Model and Method in MILS. Proceedings of the 2012 Eighth International Conference on Computational Intelligence and Security, 591-595, 17 Nov. 2012. DOI: 10.1109/CIS.2012.138
  • (2007) Implementing middleware for content filtering and information flow control. Proceedings of the 2007 ACM Workshop on Computer Security Architecture, 47-53, 2 Nov. 2007. DOI: 10.1145/1314466.1314474