Data Integrity Limitations in Highly Secure Systems

Abstract: We discuss a class of computer/network architectures that supports multilevel security while utilizing commercial-off-the-shelf (COTS) workstations and COTS productivity software applications. We show that a property of these architectures is that, while supporting multilevel confidentiality policies, they do not generally support partially ordered integrity policies: specifically, these architectures do not support the maintenance of data that is higher in integrity than the integrity level of the COTS components.
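The limitation stated in the abstract is a lattice-policy consequence: under a partially ordered integrity policy with Biba's strict "no write up" rule, a subject labelled at the integrity level of the COTS software can never modify an object labelled strictly higher, regardless of its confidentiality clearance, so such data can only be maintained by a separately trusted component. The following Python is an added example written for this page, not code from the paper or its authors; the lattice encoding (rank plus category set), the labels COTS, HIGH and HIGH_AUDIT, the objects and the subject names are all constructed here for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Label:
    """A point in a partially ordered lattice: a rank plus a set of categories.
    a dominates b iff a.rank >= b.rank and a.categories includes all of b's."""
    rank: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.rank >= other.rank and self.categories >= other.categories

    def strictly_dominates(self, other: "Label") -> bool:
        return self.dominates(other) and self != other


@dataclass(frozen=True)
class Entity:
    """A subject (process) or object (file); each carries one label per policy."""
    name: str
    confidentiality: Label   # clearance for a subject, classification for an object
    integrity: Label         # trust placed in a subject / trustworthiness of the data


# Bell-LaPadula confidentiality: no read up, no write down.
def blp_can_read(s: Entity, o: Entity) -> bool:
    return s.confidentiality.dominates(o.confidentiality)


def blp_can_write(s: Entity, o: Entity) -> bool:
    return o.confidentiality.dominates(s.confidentiality)


# Biba strict integrity: no read down, no write up.
def biba_can_read(s: Entity, o: Entity) -> bool:
    return o.integrity.dominates(s.integrity)


def biba_can_write(s: Entity, o: Entity) -> bool:
    return s.integrity.dominates(o.integrity)


def can_modify(s: Entity, o: Entity) -> bool:
    """A write is allowed only when both the confidentiality and the integrity policy permit it."""
    return blp_can_write(s, o) and biba_can_write(s, o)


def maintainable_by(s: Entity, objects: List[Entity]) -> List[str]:
    """Names of the objects a subject is permitted to modify (in input order)."""
    return [o.name for o in objects if can_modify(s, o)]


def unmaintainable_above(s: Entity, objects: List[Entity]) -> List[str]:
    """Objects labelled strictly above the subject's integrity: Biba's no-write-up rule
    means none of them can be modified by that subject, whatever its clearance."""
    return [o.name for o in objects
            if o.integrity.strictly_dominates(s.integrity) and not can_modify(s, o)]


# Constructed sample lattice (not from the paper): two confidentiality levels,
# two integrity ranks, and one integrity category "audit" to make the order partial.
UNCLASSIFIED = Label(0)
SECRET = Label(1)
COTS = Label(0)                                # integrity assigned to off-the-shelf components
HIGH = Label(1)                                # integrity of a verified, trusted component
HIGH_AUDIT = Label(1, frozenset({"audit"}))    # HIGH plus a category: above HIGH, incomparable otherwise

OBJECTS = [
    Entity("unclass_report", UNCLASSIFIED, COTS),
    Entity("secret_report", SECRET, COTS),
    Entity("signed_policy", SECRET, HIGH),
    Entity("audit_log", UNCLASSIFIED, HIGH_AUDIT),
]

# COTS applications carry COTS integrity whatever clearance they run at.
COTS_UNCLASS_EDITOR = Entity("cots_editor_u", UNCLASSIFIED, COTS)
COTS_SECRET_EDITOR = Entity("cots_editor_s", SECRET, COTS)
# A trusted (non-COTS) component evaluated to HIGH_AUDIT integrity.
TRUSTED_AUDITOR = Entity("trusted_auditor", UNCLASSIFIED, HIGH_AUDIT)

if __name__ == "__main__":
    for subj in (COTS_UNCLASS_EDITOR, COTS_SECRET_EDITOR, TRUSTED_AUDITOR):
        print(subj.name, "can modify:", maintainable_by(subj, OBJECTS),
              "| locked out of:", unmaintainable_above(subj, OBJECTS))
```

Running the block shows the asymmetry the abstract describes: raising the COTS editor's clearance from UNCLASSIFIED to SECRET changes which confidentiality levels it may write, but in both cases the objects labelled HIGH and HIGH_AUDIT stay unmodifiable, because integrity is bounded by the subject's own label rather than by its clearance. Only the trusted component, which is assigned an integrity above COTS, can maintain those objects.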
