Computer Security Applications Conference, Annual (1996)
San Diego California
Dec. 9, 1996 to Dec. 13, 1996
J.A. Davidson , Norex Co., San Diego, CA, USA
Examines a surprisingly simple application of unidirectional security that supports essentially risk-free MLS (multi-level security). It is an unusual environment because security rules can be absolutely enforced. Not only security violations, but also multi-level communication handshaking and most downgrading is not simply disallowed, but prevented. Experiments conducted using hardware multiple single-level nodes interconnected by unidirectional links show how this environment can be a practical alternative to software-enforced security. When we can adapt to this environment, the benefits include near-absolute strength, high performance and low cost. It seems particularly applicable to legacy systems because it is almost independent of pre-existing hardware and software.
security of data; asymmetric isolation; unidirectional security; risk-free multi-level security; absolute security rule enforcement; security violations; multi-level communication handshaking; downgrading; multiple single-level nodes; unidirectional links; hardware-enforced security; performance; cost; legacy systems; mandatory access control
J. Davidson, "Asymmetric Isolation," Computer Security Applications Conference, Annual(ACSAC), San Diego California, 1996, pp. 44.