Constructing a High Assurance Mail Guard

This paper describes the mail guard constructed as part of the Secure Network Server (SNS) Development Program. The SNS Mail Guard (SMG) provides a highly trustworthy device for transferring electronic mail between networks of differing security levels in accordance with site-specific policies. The site defines its message transfer policies based on specific tests of message contents. The development effort pursued high assurance through compliance with trusted software development requirements and through formal assurance of security properties. The resulting mail guard uses the type enforcement capabilities of the LOCK® trusted computing base (TCB) to provide the most trustworthy facility achievable with current technology. We have found that high assurance security does not visibly impact mail guard performance.
