DocumentCode :
319319
Title :
Using Web technologies in two MLS environments: a security analysis
Author :
Niemeyer, Robert E.
Author_Institution :
Comput. Sci. Corp., MD, USA
fYear :
1997
fDate :
8-12 Dec 1997
Firstpage :
205
Lastpage :
214
Abstract :
Presents an analysis of the use of the HyperText Transfer Protocol (HTTP) and other Web technologies for multi-level secure (MLS) systems that are connected to single-level network environments (e.g. Internet-like and intranet-like environments). Multiple single-level networks may be connected to these MLS systems. This analysis considers two examples of MLS systems. Known HTTP and Web security vulnerabilities are considered in the context of multi-level operations planned for an MLS database server to be accessed by Web browser software and for an MLS infrastructure supporting Web browsing on multiple Webs that each have a different security sensitivity level. The analysis focuses on the transfer of information across security boundaries where the security classification of information on one side of the boundary differs from that of the other side (a high-to-low or low-to-high transfer of information). The transfer of information is initiated by the Web browser (a network client) and the bulk of information transferred is data returned from the Web server. The analysis also focuses on threats from the less secure side of the boundary, including the threats of insertion of malicious code (e.g. virus or Trojan horse code) and denial-of-service attacks. The applications are referred to as the “high-to-low” example and the “low-to-high” example, denoting the direction of primary information flow.
Keywords :
Internet; client-server systems; distributed databases; hypermedia; security of data; transport protocols; HTTP; HyperText Transfer Protocol; Internet; Trojan horse code; Web browser software; Web server; World Wide Web technologies; computer viruses; database server; denial of service attacks; information transfer; intranet; malicious code insertion; multi-level secure systems; network client; primary information flow direction; security boundaries; security classification; security sensitivity level; security vulnerabilities; single-level network environments; threats; Data security; Databases; Information analysis; Information security; Internet; Invasive software; Multilevel systems; Network servers; Protocols; Web server;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 1997. Proceedings., 13th Annual
Conference_Location :
San Diego, CA
ISSN :
1063-9527
Print_ISBN :
0-8186-8274-4
Type :
conf
DOI :
10.1109/CSAC.1997.646191
Filename :
646191