Abstract
The need to provide standard commercial-grade productivity applications as the general-purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several different types of “trusted” systems. We characterize several of these systems as a single class of architecture. We discuss the general integrity property that a system can only be trusted to manage modifiable data whose integrity is at or below that of its interface components. One consequence of this property is that, with respect to integrity, these hybrid-security systems are applicable only to processing environments where the required integrity of the data is consistent with that of low-assurance software. Several examples are provided of hybrid-security systems subject to these limitations.
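The integrity bound stated in the abstract can be made concrete with a small model. The following is an added example, not code from the chapter or its authors: it assumes a total order of integrity levels (a simplification of a general integrity lattice), hypothetical component and data names, and a Biba-style "no write up" rule under which modifiable data can be no more trustworthy than the least-trusted component on the path through which it is written. Read-only data is deliberately treated differently, since a low-assurance reader does not lower the integrity of data it cannot modify.

```python
"""Model of the integrity-capacity property of hybrid-security systems.

Added example (not the chapter's own code). Integrity levels are a total
order here; all component and data names are hypothetical.
"""
from dataclasses import dataclass
from enum import IntEnum


class Integrity(IntEnum):
    """Assurance level; higher means more trustworthy."""
    UNTRUSTED = 0   # unevaluated commercial off-the-shelf software
    LOW = 1         # low-assurance software
    MEDIUM = 2
    HIGH = 3        # high-assurance (e.g. evaluated security kernel)


@dataclass(frozen=True)
class Component:
    name: str
    integrity: Integrity   # assurance of the code in this component


@dataclass(frozen=True)
class Data:
    name: str
    required: Integrity    # integrity the data must be trusted to retain
    modifiable: bool       # can users change it through the interface?


@dataclass
class HybridSystem:
    """A high-assurance base fronted by commercial interface components."""
    interface: list        # e.g. COTS productivity application and its OS
    trusted_base: list     # e.g. the security kernel and its storage

    def write_path(self) -> list:
        # Every component that handles a modification request is on the path.
        return list(self.interface) + list(self.trusted_base)

    def weakest_writer(self) -> Component:
        """The component that bounds the integrity of anything written."""
        return min(self.write_path(), key=lambda c: c.integrity)

    def integrity_capacity(self) -> Integrity:
        """Highest integrity of modifiable data the system can be trusted with.

        Biba 'no write up': data can be no more trustworthy than the least
        trusted component able to write it, and the interface is on that path.
        """
        return self.weakest_writer().integrity

    def can_manage(self, d: Data) -> bool:
        if not d.modifiable:
            # Read-only data is not degraded by low-assurance readers; only
            # confidentiality (not modelled here) would be at stake.
            return True
        return d.required <= self.integrity_capacity()

    def explain(self, d: Data) -> str:
        if self.can_manage(d):
            return f"{d.name}: OK"
        w = self.weakest_writer()
        return (f"{d.name}: requires {d.required.name} but {w.name} "
                f"({w.integrity.name}) is on the write path")


def example_system() -> HybridSystem:
    """Hypothetical configuration: COTS application over a trusted kernel."""
    return HybridSystem(
        interface=[Component("cots_word_processor", Integrity.UNTRUSTED),
                   Component("commercial_os", Integrity.LOW)],
        trusted_base=[Component("security_kernel", Integrity.HIGH)],
    )


def evaluate_example() -> dict:
    """Apply the bound to three hypothetical data items."""
    sys_ = example_system()
    items = [
        Data("draft_memo", Integrity.UNTRUSTED, modifiable=True),
        Data("reference_policy", Integrity.HIGH, modifiable=False),
        Data("audit_config", Integrity.HIGH, modifiable=True),
    ]
    return {d.name: sys_.can_manage(d) for d in items}


if __name__ == "__main__":
    s = example_system()
    print("capacity:", s.integrity_capacity().name)
    for name, ok in evaluate_example().items():
        print(name, "->", ok)
```

The result for the hypothetical configuration is that the system's integrity capacity for modifiable data collapses to that of the unevaluated application, so a high-integrity item that users may edit through that interface cannot be trusted to it, while a high-integrity read-only item can; raising the kernel's assurance changes nothing, because the interface component remains the bottleneck.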
© 2002 Springer Science+Business Media New York
Irvine, C.E., Levin, T.E. (2002). A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems. In: Gertz, M., Guldentops, E., Strous, L. (eds) Integrity, Internal Control and Security in Information Systems. IICIS 2001. IFIP — The International Federation for Information Processing, vol 83. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35583-2_1
DOI: https://doi.org/10.1007/978-0-387-35583-2_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5537-4
Online ISBN: 978-0-387-35583-2