DOI: 10.1145/1655108.1655115
research-article

MYSEA: the Monterey security architecture

Published: 13 November 2009

Abstract

Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend and inter-operate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel secure solutions. This results in an architecture that meets two compelling requirements: first, that users have a familiar work environment, and, second, that critical mandatory security policies are enforced.


Published In

STC '09: Proceedings of the 2009 ACM workshop on Scalable trusted computing
November 2009
82 pages
ISBN:9781605587882
DOI:10.1145/1655108

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access controls
  2. authentication
  3. cryptographic controls
  4. information flow controls

Qualifiers

  • Research-article

Conference

CCS '09

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%
