Secured Workstation to Process the Data of Different Classification Levels

• Autorzy: Zieliński Z. , Furtak J. , Chudzikiewicz J. , Stasiak A. , Brudka M.
• Języki publikacji: EN

Abstrakty

EN

The paper presents some of the results obtained within the ongoing project related with functional requirements and design models of secure workstation for special applications (SWSA). SWSA project is directed toward the combination of the existing hardware and software virtualization with cryptography and identification technologies to ensure the security of multilevel classified data by means of some formal methods. In the paper the requirements for SWSA, its hardware and software architecture, selected security solution for data processing and utilized approach to designing secure software are presented. The novel method for secure software design employs dedicated tools to verify the confidentiality and the integrity of data using Unified Modeling Language (UML) models. In general, the UML security models are embedded in and simulated with the system architecture models, thus the security problems in SWSA can be detected early during the software design. The application of UML topology models enables also to verify the fundamental requirement for MLS systems, namely the hardware isolation of subjects from different security domains.

Słowa kluczowe

EN

cryptographic protection; multilevel security; software design; UML; virtualization

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2012
• Tom: nr 3
• Strony: 5--12
• Opis fizyczny: Bibliogr. 31 poz., rys.

Twórcy

autor

Zieliński Z.

autor

Furtak J.

autor

Chudzikiewicz J.

autor

Stasiak A.

autor

Brudka M.

• Military University of Technology, Warsaw, Poland,

Bibliografia

• [1] J. P. Anderson, “Computer Security Technology Planning Study”, vol. II, ESD-TR-73-51. Electronic System Division, Air Force System Command, L. G. Hanscom Field, Bedford, MA 01730, USA, Oct. 1972.
• [2] D. E. Bell and L. J. La Padula, “Secure computer system: unified exposition and multics interpretation”, ESD-TR-75-306, Bedford, MA: ESD/AFSC, Hanscom AFB [Online]. Available: http://csrc.nist.gov/publications/history/bell76.pdf
• [3] D. E. Bell, “Looking back at the Bell-La Padula model”, in Proc. 21st Ann. Comp. Secur. Appl. Conf. ACSAC 2005, Tucson, AZ, USA, 2005, pp. 337–351.
• [4] K. J. Biba, “Integrity Considerations for secure computer systems”, Tech. Rep. MTR-3153, MITRE Corporation, Bedford, Massachusetts, USA, 1975.
• [5] D. Clark and D. R. Wilson, “A Comparison of Commercial and Military Computer Security Policies”, in Proc. IEEE Symp. Secur. Priv. S&P 1987, Oakland, California, USA, 1987, pp. 184–194.
• [6] M. Brudka and J. Furtak, “Ponad barierami – łączenie sieci o różnych klauzulach”, Biuletyn IAiR, no. 26, 2009 (in Polish).
• [7] R. Smith, “Cost profile of a highly assured, secure operating system”, ACM Trans. Inform. Sys. Secur., vol. 4, no. 1, 2001, pp. 72–101.
• [8] J. S. Robin and C. E. Irvine, “Analysis of the Intel Pentium’s ability to support a secure virtual machine monitor”, in Proc. 9th USENIX Secur. Symp., Denver, Colorado, USA, 2000.
• [9] C. E. Irvine et al., “Overview of a high assurance architecture for distributed multilevel security”, in Proc. IEEE Sys. Man, Cybernet. Inform. Assur. Worksh., West Point, NY, USA, 2004.
• [10] D. Kleidermacher, “Methods and applications of system virtualization using Intelr virtualization technology(Intelr VT)”, Intelr Technol. J., vol. 13, iss. 01, March 2009.
• [11] P. Barhamet et al., “Xen and the art of virtualization”, University of Cambridge Computer Laboratory, CGF Brussels, 2004.
• [12] A. Kivity et al., “KVM: the Linux virtual machine monitor”, in Proc. Linux Symp., Ottawa, Ontario, Canada, 2007, pp. 225–230.
• [13] D. S. Frankel, Model Driven Architecture: Applying MDA to Enter- prise Computing. New York: Wiley, 2003.
• [14] W. Dąbrowski, A. Stasiak, and M. Wolski, Modelowanie Systemów Informatycznych w Języku UML 2.1. Warszawa: PWN, 2007 (in Polish).
• [15] T. Lodderstedt, D. A. Basin, and J. Doser, “SecureUML: a UML-based modeling language for model-driven security”, in Proc. 5th Int. Conf., LNCS, vol. 2460, 2002, pp. 426–441.
• [16] “Planning deployment with the topology editor”, IBM Tutorial, 2008.
• [17] “Ustawa o ochronie informacji niejawnych”, z dnia 5 sierpnia 2010, Dz.U. nr 182, poz. 1228 (in Polish).
• [18] J. Chudzikiewicz and J. Furtak, ”Cryptographic protection of re- movable media with a USB interface for secure workstation for special applications”, J. Telecom. Inform. Technol., vol. 3, pp. 22–31, 2012.
• [19] Z. Zieliński, A. Stasiak, and W. Dąbrowski, “A Model Driven Method for Multilevel Security Systems Design”, Przegląd Elektrotechniczny (Electrical Review), No. 2, 2012, pp. 120–125.
• [20] D. Basin, M. Clavel, J. Doser, and M. Egea, “Automated Analysis of Security-Design Models”, Preprint submitted to Elsevier, 2007.
• [21] N. Makin, “Anatomy of a topology model in Rational Software Architect Version 7.5: Part 1: Deployment modeling”, IBM, 2008.
• [22] “Modeling deployment topologies”, IBM Tutorial, 2008.
• [23] N. Makin, “Anatomy of a topology model used in IBM Rational Software Architect Version 7.5: Part 2: Advanced concepts”, IBM, 2008.
• [24] S. Willard, General Topology. Courier Dover Publications, 2004.
• [25] N. Li and J. C. Mitchell, “RT: A role-based trust management framework”, in Proc. 3rd DARPA Inform. Surviv. Conf. Exposition DISCEX III, Washington, DC, USA, 2003, pp. 201–212.
• [26] S. T. King, P. M. Chen, Y. Wang, C. Verbowski, H. J. Wang, and J. R. Lorch, “SubVirt: Implementing Malware with Virtual Machines”, in Proc. IEEE Sym. Secur. Priv. S&P 2006, Berkeley, CA, USA, 2006.
• [27] P. Ferrie, “Attacks on Virtual Machine Emulators”, in Proc. Association of Anti Virus Asia Res. Conf., Auckland, New Zealand, 2006.
• [28] S. Mellor and M. Balcer, Executable UML: A Foundation for Model- Driven Architecture. Boston: Addison Wesley, 2002.
• [29] M. Fowler and R. Parsons, Domain Specific Languages. Boston: Addison Wesley, 2010.
• [30] M. Fowler, Patterns of Enterprise Application Architecture. Boston: Addison Wesley, 2002.
• [31] J. Jürjens, Secure Systems Development with UML. Berlin: Springer, 2010.