Reducing the risk of multi-level secure (MLS) workstations

Great interest exists within the military in using advances in multi-level secure (MLS) technology to improve operational capability. However, many practical operational applications demand more from the technology from an assurance standpoint than is currently available in most commercial MLS products. For example, following a strict Yellow Book definition for the separation of DoD secret to unclassified requires B3 level technology. The most usable commercial MLS products on the market today are targeted at the B1 level, a substantial reduction in assurance from the B3 mandated by the Yellow Book. However the Yellow Book was merely written as a guideline for applying MLS technology. While there is certainly some risk associated with using B1 level technology, there are practical measures that can be taken to substantially reduce the risk of using B1 level technology. This paper documents several techniques we have employed on several MLS installations in the Navy. The techniques are designed to reduce the overall risk of penetration on the systems. While many of the techniques can be used to improve the security of most Unix operating systems, they particularly reduce the operational risk of using an MLS operating system