presented by
|
Multilevel secure (MLS) computing should provide users with different clearances flexible access to information and computing resources that are protected according to their sensitivity. Serious attempts to provide MLS computing service began in the early-to-mid 1970's with efforts to develop MLS operating systems. MLS OS's, while an enticing vision, have proved impractical. We must now seek architectures that rely on a small number of high assurance components (gadgets), connected in clever ways (via cheap tricks), to make the benefits of COTS available to defense systems while insulating those systems from the flaws inherent in most COTS. This talk will provide historical background and enumerate some recently developed gadgets and cheap tricks developed in the U.S., Australia, and the U.K. that promise to provide MLS computing service at low cost and with high assurance.
Carl Landwehr heads the Computer Security Section of the Center for High Assurance Computer Systems at the U.S. Naval Research Laboratory. He has led a variety of research projects to advance technologies for computer security and high assurance systems, and he has served on review panels for high assurance research and development programs at NASA and NSA. Dr. Landwehr chairs an international defense panel on secure information systems and serves as an expert consultant to NATO. IFIP awarded him its Silver Core for his work as founding chair of IFIP WG 11.3 on Database Security, and the IEEE Computer Society awarded him its Golden Core for his work on behalf of its Technical Committee on Security and Privacy. He edits Cipher, that TC's electronic newsletter and web site, and he serves as Associate Editor of IEEE Transactions on Software Engineering and the High Integrity Systems Journal. He has also served as Associate Editor of the Journal of Computer Security. He holds a B.S. in Engineering and Applied Science from Yale University and a Ph.D. in Computer and Communication Sciences from the University of Michigan. His research interests currently center on practical methods for designing and building systems of computers that can provide high assurance that critical properties will be enforced, and in particular on identifying simple components that can be combined with off-the-shelf systems to support system security. |