An implementation of MLS on a network of workstations using X.500/509

Author

Davis, James ; Jacobson, Doug ; Bridges, Stephanie ; Wright, Ken

Author_Institution

Dept. of Electr. Eng. & Comput. Eng., Iowa State Univ., Ames, IA, USA

fYear

1997

fDate

5-7 Feb 1997

Firstpage

546

Lastpage

553

Abstract

We describe a project whose goal is to provide a secure distributed access control mechanism for user tasks in a heterogeneous network of computing resources. This is accomplished by implementing a UNIX-based multi-level security (MLS) scheme where users and resources are labeled with a security level and a group. Access control is enforced by an access list server that uses X.500 directory and X.509 authentication services. Groundwork is laid for the next step of the project, which is to extend the security services for migrating tasks so that workstations are protected from security threats posed by incoming tasks, and also to protect tasks from threats originating from the workstation

Keywords

Unix; authorisation; client-server systems; local area networks; open systems; security of data; software standards; telecommunication standards; MLS; UNIX; X.500; X.509; access list server; authentication services; heterogeneous network; multi-level security; secure distributed access control; user tasks; workstation network; Access control; Authentication; Information security; Jacobian matrices; Libraries; Multilevel systems; Network servers; Protection; System testing; Workstations;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance, Computing, and Communications Conference, 1997. IPCCC 1997., IEEE International

Conference_Location

Phoenix, Tempe, AZ

Print_ISBN

0-7803-3873-1

Type

conf

DOI

10.1109/PCCC.1997.581562

Filename

581562