Title :
A multi-level secure message switch with minimal TCB: architectural outline and security analysis
Author :
Lipper, E.H. ; Melamed, B. ; Morris, R.J.T. ; Zave, P.
Author_Institution :
AT&T Bell Lab., Holmdel, NJ, USA
Abstract :
The authors describe an architectural outline for a generic secure message switch. They highlight key security issues germane to the structure and functionality of a switch for routing messages of multiple sensitivity levels over communication media with multiple security levels. The design strives to minimize the trusted computing base (TCB) in order to facilitate formal and informal verification of security policies and to retain data integrity. In particular, the security policy was embedded in the type structure of a specification of the design in PAISLey. Special features of PAISLey's type system then enabled PAISLey's type checker to prove the security assertions automatically. The authors also discuss general design principles and a variety of security issues including unauthorized traffic analysis, covert channels, and denial of service.
Keywords :
computer networks; electronic mail; message switching; security of data; PAISLey; communication media; covert channels; data integrity; denial of service; minimal TCB; secure message switch; security analysis; security assertions; sensitivity levels; trusted computing base; type structure; unauthorized traffic analysis; Access control; Communication switching; Communication system security; Computer architecture; Computer crime; Data security; Performance analysis; Resource management; Routing; Switches;
Conference_Title :
Aerospace Computer Security Applications Conference, 1988., Fourth
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-0895-1
DOI :
10.1109/ACSAC.1988.113342