Compartmented Mode Workstation: Prototype Highlights
June 1990 (vol. 16 no. 6)
pp. 608-618

The primary goal of the MITRE compartmented mode workstation (CMW) project was to articulate the security requirements that workstations must meet to process highly classified intelligence data. As a basis for the validity of the requirements developed, a prototype was implemented which demonstrated that workstations could meet the requirements in an operationally useful manner while still remaining binary compatible with off-the-shelf software. The security requirements not only addressed traditional security concerns but also introduced concepts in areas such as labeling and the use of a trusted window management system. The CMW labeling paradigm is based on associating two types of security labels with objects: sensitivity levels and information labels. Sensitivity levels describe the levels at which objects must be protected. Information labels are used to prevent data overclassification and also provide a mechanism for associating with data those markings that are required for accurate data labeling, but which play no role in access control decisions. The use of a trusted window manager allows users to easily operate at multiple sensitivity levels and provides a convenient mechanism for communicating security information to users in a relatively unobtrusive manner.

Index Terms:
data overclassification prevention; MITRE compartmented mode workstation; security requirements; highly classified intelligence data; binary compatible; trusted window management system; security labels; objects; sensitivity levels; information labels; markings; accurate data labeling; multiple sensitivity levels; security of data; software engineering; workstations.
J.L. Berger, J. Picciotto, J.P.L. Woodward, P.T. Cummings, "Compartmented Mode Workstation: Prototype Highlights," IEEE Transactions on Software Engineering, vol. 16, no. 6, pp. 608-618, June 1990, doi:10.1109/32.55089