Compartmented Model Workstation: Results Through Prototyping

The Defense Intelligence Agency (DIA) recognized that commercially available workstations could significantly enhance the capabilities of today´s Intelligence Data Handling Systems (IDHS) if they could be integrated with the IDHS systems in a secure manner. The Compartmented Mode Workstation (CMW) project was started at the request of the DIA to further the state-of-the-art of computer security in general and workstation security in particular. The prototype effort had two major purposes. The first purpose was to demonstrate that operationally useful implementations of each requirement could be designed and developed. The second, more general, purpose was to gain insight into what measures could be taken to augment commercially available workstations with meaningful security. Therefore, as the Security Requirements for System High and Compartmented Mode Workstations [CMWREQS] were stated, a development team attempted to implement thereon the CMW prototype. Viable approaches were found for all requirements thereby verifying the premise that a workstation and its associated operating system could be modified such that off-the-shelf software (distributed in binary form) could execute with adequate security .This paper describes compartmented mode operation, how the prototype satisfied each requirement, and the level of effort involved in the prototype implementation.