A Security Model for Military Message Systems.
NAVAL RESEARCH LAB WASHINGTON DC
Pagination or Media Count:
Military systems that process classified information must operate in a secure manner i.e., they must protect information adequately against unauthorized disclosure, modification, and withholding. A goal of current research in computer security is to facilitate the construction of multilevel secure systems, systems that protect information of various classifications from users with different clearances. Security models are used to define the concept of security embodied by a computer system. A single model, called the Bell-LaPadula model, has dominated recent efforts to build secure systems but has deficiencies. We are developing a new approach to defining security models based on the idea that a security model should be derived from a specific application. To evaluate our approach, we have formulated a security model for a family of military message systems. This report introduces the message-system application, describes the problems of using the Bell-LaPadula model in real applications, presents our security model both informally and formally, and summarizes our approach to developing secure message systems. Significant aspects of the security model are its definition of multilevel objects and its inclusion of application-dependent security assertions. Prototypes based on this model are being developed.
- Computer Programming and Software
- Computer Hardware
- Military Intelligence