Issue No. 01 - January/February (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.201
Timothy Levin , Naval Postgraduate School
The construction of a complex secure system composed from individual secure components presents a variety of challenges to the designer. The authors leverage experiences from 50 years in the security R&D community and from the first-hand experience of building several high-assurance (EAL7) systems to shed light on various high-trust security engineering challenges, including those related to secure architecture, secure implementation, and trustworthy development. The authors use an example system lessons learned. The Encryption-box Security System is a trusted hardware foundation that includes hosts, called arbitrary application processors, a trusted network security controller that defines a security policy over network communications, and a trusted encryption gateway. This system of distributed components results in a comprehensive network security architecture. The authors also describe key concepts for security analysis in complex distributed systems, including the security perimeter, the allocation of policies to specific components, and the security policy domain.
Protection mechanisms, software engineering, software architectures, formal methods, access controls, security and privacy protection, operating systems
T. Levin and C. Weissman, "Lessons Learned from Building a High-Assurance Crypto Gateway," in IEEE Security & Privacy, vol. 9, no. , pp. 31-39, 2010.