• DocumentCode
    3334469
  • Title

    Using type enforcement to assure a configurable guard

  • Author

    Greve, Paula ; Hoffman, John ; Smith, Richard E.

  • Author_Institution
    Secure Comput. Corp., Roseville, MN, USA
  • fYear
    1997
  • fDate
    8-12 Dec 1997
  • Firstpage
    146
  • Lastpage
    154
  • Abstract
    Prior to the introduction of guard systems for electronic mail, guards tended to be overly specialized and not versatile enough for today´s user community. The paper examines the use of type enforcement to create a highly assured yet administrator configurable guard. The administrator must be able to trust that the configuration provided will indeed be followed. This occurs by using highly assured or trusted components. These trusted components are then linked together via type enforcement to form a pipeline, with one input channel for data to enter the guard, and one separate, connected output channel for data to exit the guard. These channels are connected via assured processes whose behavior is restricted by the type enforcement mechanism. Furthermore, type enforcement is also used to isolate many components of the guard, which simplifies the assurance arguments. This technology is applied in the latest operational guards developed by the Secure Computing Corporation
  • Keywords
    computer network management; electronic mail; message passing; network servers; administrator configurable guard; assurance arguments; assured processes; configurable guard; connected output channel; electronic mail; guard systems; input channel; operational guards; pipeline; trusted components; type enforcement; Computer architecture; Cryptography; Electronic mail; Filters; National security; Network servers; Protocols; Software standards; Telecommunication traffic; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 1997. Proceedings., 13th Annual
  • Conference_Location
    San Diego, CA
  • ISSN
    1063-9527
  • Print_ISBN
    0-8186-8274-4
  • Type

    conf

  • DOI
    10.1109/CSAC.1997.646187
  • Filename
    646187