The MLS LAN extends high assurance capabilities of an evaluated multi-level secure system to commercial personal computers (PCs) running commercial operating systems and office productivity software by using a Trusted Computing Base Extension (TCBE). The TCBE is intended to provide trusted path and object reuse supporting services to the network TCB.

Motivation
Government and Enterprise security policies require appropriate handling of sensitive material.

For security users of computer systems need:

• High assurance Virtual Machine Monitors (VMM) to separate mandatory security classes
• Concurrent access to multiple sensitivity levels
• Assurance that the security policy will be enforced in the presence of malicious software
• Connectivity to shared resources
• Support for popular application protocols

For office productivity, users want:

• Latest commercial office productivity software
• Up-to-date commercial operating systems
• Inexpensive commercial Personal Computers
• Simple TCB interfaces

Problem Statement
Create a cost effective, multi-level, easy to use office environment leveraging existing high assurance technology.

MLS LAN Solution
Evaluated, commercially available, high assurance TCB

• Reuses DoD investment in high assurance
• Locus of MAC policy enforcement
• Provides I & A and Audit
• Utilized as the multi-level server for application protocols

TCB Extension

• Confined to NIC: results in inexpensive solution
• Establish trusted path from client to server
• Control PC hardware to provide for object reuse
• Encryption services for trusted path and session protection
• Control PC boot process to ensure system integrity

Untrusted PC OS and application software run as delivered.

TCB Extension - In progress.

Enhanced Network Interface Card (NIC)

• NIC interface to LAN
• PCI/NIC interface to PC Hardware and Commercial PC OS
• Pre-boot authentication
• Support Client I/O for I&A and session level negotiation
• Current session level display
• Extend design for PC control
• Support disk requirements of commercial OS and applications
• Selection of appropriate hardware to accomplish all requirements

Current Status

IMAP e-mail server ported to the XTS-300 environment

• Capabilities expanded to read down required modification of IMAP internals
• Provides full set of standard IMAP commands for the manipulation of e-mail

SMTP Server for MLS LAN and HTTP Web Server on MLS Platform

• Porting the Apache Web Server Software onto the XTS-300
• Will provide web server applications to clients in an MLS-LAN environment

Multi-level Ethernet Services

• Trusted path connections and ongoing client sessions. Simultaneous trusted path connections for client TCBEs. Protocol for LAN-based trusted path.
• Framework to use trusted path for user I&A and session level negotiation. Secure Session Server: Single-level connection for client applications.
• Framework for encryption services: Trusted path and application sessions. Modification to XTS-300 TCB required.

Mail File Administrative Tool for LAN

• Mailtool is a trusted process that allows creation of mailboxes for any authorized user
• Mailboxes can be created at multiple classification levels
• Mailbox hierarchy can be created to represent both hierarchical and non-hierarchical classification levels

MLS LAN Team Members

• David Shifflett, NPS

Principle Investigators / Thesis Advisors

• Cynthia Irvine, NPS
• Paul Clark, NPS
• James P. Anderson, J.P.A. Co

Past Contributors

• Mark Glover, NPS
• Evelyn Bersack, CIV
• LT Emma Brown, USN
• LT Theresa Everett, USN
• LT Richard Rossetti, USN
• LtCol Jeffery Wilson, USMC
• LT James P. Downey, USN
• LT Dion Robb, USN
• Capt Jason Hackerson, USMC
• Maj Brad Eads, USMC
• LT Scott Heller, USN
• LT Susan Bryer-Joyner, USN
• LT Steven Balmer, USN
• LT Cihan Agacayak, Turkish Navy
• LT Bora Turan, Turkish Navy

Publications
Cynthia E. Irvine, Timothy E. Levin, Thuy D. Nguyen, David Shifflett, Jean Khosalim, Paul C. Clark, Albert Wong, Francis Afinidad, David Bibighaus and Joseph Sears, "Overview of a High Assurance Architecture for Distributed Multilevel Security", Proceedings of the 2004 IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2004. PDF

Irvine, Nguyen, Levin, "High Assurance Testbed for Multilevel Interoperability", October 2004, NPS-CS-05-02 PDF

A Case Study in Security Requirements Engineering for a High Assurance System
Irvine, C.E., Levin, T., Wilson, J.D., Shifflett, D., and Pereira, B.
Proceedings of the 1st Symposium on Requirements Engineering for Information Security, Indianapolis, Indiana, March, 2001