Design and Assurance Strategy for the NRL Pump

The NRL Pump forwards messages from a low-level system to a high-level system and monitors the timing of acknowledgments from the high-level system to minimize leaks. It is the keystone of a proposed architecture that uses specialized high-assurance devices to separate data at different security levels. We describe the software design and assurance-argument strategy for this device, the Network NRL Pump, which can be used in any multilevel secure distributed architecture. We have completed the system requirements and logical design of a prototype pump and are working on its physical design.
