Abstract: This paper discusses technical challenges and concerns that must be resolved in order to implement a computer network security architecture for accessing differently classified data from a single network computer. Most multilevel security approaches utilize a trusted operating system (OS) to maintain data separation between differently classified data. The goal is to enable simultaneous or multiplexed viewing of differently classified data through a Windows manager. However, application development costs are expensive due to strict compliance requirements imposed by secure (trusted) OS procedures. Furthermore, security mechanisms employed in a trusted OS, sometimes preclude customer-required features, and integrating government off- the-shelf (GOTS) software from competing vendors on the application server can be problematic. A computer system security architecture provides a superior alternative to the cumbersome and costly trusted OS approach for displaying differently classified data on the same computer screen. Given the proper security architecture, the system should be accredited for government use, liberating software programmers to apply modern development techniques without excessive concern over security. This will leave the developer more time to concentrate on code functionality and reduce the cost of GOTS applications.!
展开▼
