This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Design and Assurance Strategy for the NRL Pump
April 1998 (vol. 31 no. 4)
pp. 56-64
In the past 20 years, only a handful of high-assurance, multilevel, secure computers have been built, and even these are rarely used in operational environments. Such systems suffer a host of disadvantages: They cost too much, lack user-friendly features and development environments, take too much time to evaluate and certify, and do not scale well for secure distributed computing. This lack of satisfactory security solutions is disturbing in light of the trend toward open and distributed computing, which increases a system?s vulnerability to attack. The authors propose basing security solutions instead on a multiple single-level security architecture, which uses commercial (nonsecure) products for general-purpose computing and special- purpose high-assurance devices to separate data at different security levels. A multiple single-level architecture is a viable and practical solution to distributed multilevel secure computing. The keystone of this architecture is a trusted device that "pumps" data from a low security level to a higher one. The authors describe the software design and assurance argument strategy for this device, the Network NRL Pump, which can be used in any multilevel secure distributed architecture.
Citation:
Myong H. Kang, Andrew P. Moore, Ira S. Moskowitz, "Design and Assurance Strategy for the NRL Pump," Computer, vol. 31, no. 4, pp. 56-64, April 1998, doi:10.1109/2.666843
Usage of this product signifies your acceptance of the Terms of Use.