DOI: 10.1145/2991079.2991087
Research article, ACSAC conference proceedings

The cross domain desktop compositor: using hardware-based video compositing for a multi-level secure user interface

Published: 05 December 2016

ABSTRACT

We have developed the Cross Domain Desktop Compositor, a hardware-based multi-level secure user interface, suitable for deployment in high-assurance environments.

Through composition of digital display data from multiple physically-isolated single-level secure domains, and judicious switching of keyboard and mouse input, we provide an integrated multi-domain desktop solution. The system developed enforces a strict information flow policy and requires no trusted software. To fulfil high-assurance requirements and achieve a low cost of accreditation, the architecture favours simplicity, using mainly commercial-off-the-shelf components complemented by small trustworthy hardware elements.

The resulting user interface is intuitive and responsive and we show how it can be further leveraged to create integrated multi-level applications and support managed information flows for secure cross domain solutions.

This is a new approach to the construction of multi-level secure user interfaces and multi-level applications which minimises the required trusted computing base, whilst maintaining much of the desired functionality.
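To make the architectural claims in the abstract concrete, here is an added toy model (not the paper's design or code) of the two mechanisms it describes: a compositor that is a pure function of read-only per-domain framebuffers placed into a fixed layout, and an input switch that delivers keyboard events to exactly one focused domain. Everything below is constructed: the screen size, the single-character "pixels", the `Region` layout type, the event encoding and the sample buffers are assumptions for illustration. The point it shows is the information-flow property: what a domain receives from the system depends only on the input events routed to it, so changing another domain's display output leaves its observation unchanged, while the composed screen (what the human sees) is the only place the domains' data meet.

```python
"""Toy model of a hardware compositor plus input switch (added illustration).

Constructed assumptions:
- each domain renders into its own framebuffer, modelled as SCREEN_H strings
  of SCREEN_W single-character "pixels", which the compositor only reads;
- a fixed layout, owned by the trusted hardware, assigns each domain a screen
  rectangle; later layout entries are drawn on top (z-order);
- a focus selector on the trusted control path decides which single domain
  receives keyboard events; domain output cannot change focus or layout.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SCREEN_W, SCREEN_H = 8, 4
Framebuffer = List[str]              # SCREEN_H rows, each SCREEN_W chars
Event = Tuple[str, str]              # ("focus", domain) or ("key", char)


@dataclass(frozen=True)
class Region:
    x: int
    y: int
    w: int
    h: int


Layout = List[Tuple[str, Region]]


def _check_region(r: Region) -> None:
    """The layout is trusted, but a defensive bounds check costs nothing."""
    if r.x < 0 or r.y < 0 or r.x + r.w > SCREEN_W or r.y + r.h > SCREEN_H:
        raise ValueError(f"region {r} exceeds the screen")


def compose(layout: Layout, buffers: Dict[str, Framebuffer]) -> Framebuffer:
    """Pure function of the domains' read-only buffers: pixels are copied into
    the rectangle each domain owns, never parsed or interpreted, and nothing
    is written back to any domain."""
    screen = [["."] * SCREEN_W for _ in range(SCREEN_H)]
    for domain, r in layout:
        _check_region(r)
        fb = buffers[domain]
        for yy in range(r.y, r.y + r.h):
            for xx in range(r.x, r.x + r.w):
                screen[yy][xx] = fb[yy][xx]
    return ["".join(row) for row in screen]


def provenance(layout: Layout) -> List[List[str]]:
    """Which domain each visible pixel comes from, derived from the layout
    alone: a domain's pixel content can never change how it is attributed."""
    owner = [["."] * SCREEN_W for _ in range(SCREEN_H)]
    for domain, r in layout:
        _check_region(r)
        for yy in range(r.y, r.y + r.h):
            for xx in range(r.x, r.x + r.w):
                owner[yy][xx] = domain
    return owner


def route_input(domains: List[str], events: List[Event]) -> Dict[str, List[str]]:
    """Keyboard events go to the currently focused domain only. Focus changes
    arrive on the trusted control path (modelled as "focus" events), so a
    domain cannot redirect input to itself via its display output."""
    delivered: Dict[str, List[str]] = {d: [] for d in domains}
    focus = None
    for kind, value in events:
        if kind == "focus":
            if value not in delivered:
                raise ValueError(f"unknown domain {value!r}")
            focus = value
        elif kind == "key" and focus is not None:
            delivered[focus].append(value)
        # keys pressed while no domain has focus are dropped
    return delivered


def observed_by(domain: str, events: List[Event],
                buffers: Dict[str, Framebuffer]) -> List[str]:
    """Everything `domain` receives from the system: only its routed keys.
    `buffers` is taken as a parameter purely to make explicit that the other
    domains' display data does not feed into the result."""
    return route_input(list(buffers), events)[domain]


def noninterference_holds(domain: str, events: List[Event],
                          variants: List[Dict[str, Framebuffer]]) -> bool:
    """Strict information-flow check in the Goguen-Meseguer spirit: the
    domain's observation must be identical across every variant of the other
    domains' framebuffers."""
    views = {tuple(observed_by(domain, events, b)) for b in variants}
    return len(views) == 1


# Constructed sample data: two domains, B drawn on top of a full-screen A.
BUF_A = ["A" * SCREEN_W] * SCREEN_H
BUF_B = ["B" * SCREEN_W] * SCREEN_H
BUF_B2 = ["b" * SCREEN_W] * SCREEN_H          # B's display output changes
LAYOUT: Layout = [("A", Region(0, 0, SCREEN_W, SCREEN_H)), ("B", Region(2, 1, 4, 2))]
EVENTS: List[Event] = [("focus", "A"), ("key", "x"),
                       ("focus", "B"), ("key", "y"), ("key", "z")]

if __name__ == "__main__":
    print("\n".join(compose(LAYOUT, {"A": BUF_A, "B": BUF_B})))
    print(route_input(["A", "B"], EVENTS))
    print("A unaffected by B's display:",
          noninterference_holds("A", EVENTS,
                                [{"A": BUF_A, "B": BUF_B}, {"A": BUF_A, "B": BUF_B2}]))
```

The model deliberately has no code path from a framebuffer to either the layout or the focus state; that absence is what a hardware implementation of this design buys, and what a software compositor with a shared window manager has to argue for instead.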


Published in

ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications
December 2016, 614 pages
ISBN: 9781450347716
DOI: 10.1145/2991079

Copyright © 2016 ACM

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher: Association for Computing Machinery, New York, NY, United States

Published: 5 December 2016


Qualifier: research-article

Overall acceptance rate: 104 of 497 submissions, 21%
