Simple assured bastion hosts

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by C. Cant Articles by S. Wiseman

13th Annual Computer Security Applications Conference (ACSAC '97)

San Diego, CA

December 08-December 12

ISBN: 0-8186-8274-4

	ASCII Text	x
	C. Cant, S. Wiseman, "Simple assured bastion hosts," Computer Security Applications Conference, Annual, pp. 24, 13th Annual Computer Security Applications Conference (ACSAC '97), 1997.

	BibTex	x
	@article{ 10.1109/CSAC.1997.646170, author = {C. Cant and S. Wiseman}, title = {Simple assured bastion hosts}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {1997}, isbn = {0-8186-8274-4}, pages = {24}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.1997.646170}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Simple assured bastion hosts SN - 0-8186-8274-4 SP EP A1 - C. Cant, A1 - S. Wiseman, PY - 1997 KW - authorisation; assured firewalls; compartmented mode workstation; ITSEC E3 assurance; evaluation effort reuse; bastion host architecture; unevaluated proxies; information exporting; trusted path export sanction; evaluated release checker VL - 0 JA - Computer Security Applications Conference, Annual ER -

C. Cant, Defence Evaluation & Res. Agency, Malvern, UK

S. Wiseman, Defence Evaluation & Res. Agency, Malvern, UK

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.1997.646170

It is shown how compartmented mode workstation (CMW) technology can be used as the basis of simple assured firewalls, where the vast majority of the evaluation effort required is reused from the evaluation of the CMW. The generic bastion host architecture described provides ITSEC E3 assurance that the unevaluated proxies cannot be bypassed. Assurance that the inappropriate export of information is prevented, can be gained by extending a trusted path export sanction from the user's desktop to an evaluated release checker in the firewall.

Index Terms:

authorisation; assured firewalls; compartmented mode workstation; ITSEC E3 assurance; evaluation effort reuse; bastion host architecture; unevaluated proxies; information exporting; trusted path export sanction; evaluated release checker

Citation:

C. Cant, S. Wiseman, "Simple assured bastion hosts," acsac, pp.24, 13th Annual Computer Security Applications Conference (ACSAC '97), 1997

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.