ABSTRACT
We have developed the Cross Domain Desktop Compositor, a hardware-based multi-level secure user interface, suitable for deployment in high-assurance environments.
Through composition of digital display data from multiple physically-isolated single-level secure domains, and judicious switching of keyboard and mouse input, we provide an integrated multi-domain desktop solution. The system developed enforces a strict information flow policy and requires no trusted software. To fulfil high-assurance requirements and achieve a low cost of accreditation, the architecture favours simplicity, using mainly commercial-off-the-shelf components complemented by small trustworthy hardware elements.
The resulting user interface is intuitive and responsive, and we show how it can be further leveraged to create integrated multi-level applications and to support managed information flows for secure cross domain solutions.
This is a new approach to the construction of multi-level secure user interfaces and multi-level applications that minimises the required trusted computing base whilst maintaining much of the desired functionality.