throbber
Proceedings of JENC8
`
`Editors: H. Lubich
`P. Rendek
`
`8th Joint European Networking Conference (JENCS)
`
`Diversity and Integration: The New European Networking Landscape
`
`To order copies, contact:
`
`TERENA Secretariat
`
`Sing“ 466-468
`NL-1017 AW AMSTERDAM
`The Netherlands
`
`E-mail: jenc8-sec@terena.nl
`
`V
`UB/TIB Hanno er
`116182 466
`
`89
`
`
`
`
`
`
`
` “MIMI“
`
`

`

`
`
`JENC8Proceedings May 1997
`
`
`
`PROCEEDINGS JENCS
`
`TABLE OF CONTENTS
`
`SESSION I
`
`Session I-2:
`Chair:
`
`
`
`TECHr-isg ‘
`
`Co-operation through the Web
`INFORM A Y i (I
`
`
`
`Manfred Bogen, GMD Sankt Augustin, Germa
`
`UNIVERSITS‘KTSBlBUOTHEK ':
`HA N NOV ER
`
`
`
`121
`
`Building a Web Caching System - Architectural Considerations
`Ingrid Melve <Ingrid.Melve@uninett.n0>, UNINETT Norway, Lars Slettjord
`<Lars.Slettjord@cc.uit.no>, Troms¢ University, Norway, Henny Bekker
`<H.Bekker@cc.ruu.nl>, Utrecht University, The Netherlands, Ton Verschuren
`<Ton. Verschuren@surfnet.nl>, SURFnet, The Netherlands
`
`122
`
`Collaborative Browsing in the World Wide Web
`Gabriel Sidler <sidler@ tik.ee.ethz,ch>, ETH Zurich, Switzerland, Andrew Scott
`
`<acs@comp.lancs.ac.uk>, University ofLancaster, United Kingdom, Heiner Wolf
`<wolf@informatik.uni-ulm.de>, University of Ulm, Germany
`
`123 Visualising and Populating the Web: Collaborative Virtual Environments for Browsing,
`Searching and Inhabiting Webspace
`Steve Benford <sdb@cs.nott.ac.uk> , Dave Snowdon <dns@cs.nott.ac.uk>, Chris Brown
`<ceb@cs.nott.ac.uk>, Gail Reynard <gtr@cs.nott.ac.uk>, Rob Ingram <rji@cs.nott.ac.uk>,
`The University ofNottingham, United Kingdom
`
`Session I-3:
`Chair:
`
`Delivering Broadband to the Customer
`Ole Jacobsen, Interop, USA
`
`132
`
`Issues in Residential Broadband Internet Service Provision
`
`Saleem Bhatti <S.Bhatti@cs.ucl.ac.uk>, Graham Knight <G.Knight@cs.ucl.ac.uk>,
`University College London, United Kingdom
`
`133
`
`BT CityMedia Network - Video Multicast and ATM
`Dave Ginsburg <dginsbur@ cisco.com>,Cisco Systems Europe, Chris Gibbings
`< Chris. Gibbings @ bt-sys. bt. co. uk>, BT Laboratories, Dave Newson
`<newsondj@boat.bt.com>, BT Laboratories, Jeremy Barnes
`<Jeremy.Barnes@concert.com> Concert Communications, United Kingdom
`
`SESSION II
`
`Session II-1:
`
`Commerce on the Internet
`
`Chair:
`
`Thierry Gourdon, CYBERserve, France
`
`211
`
`The Internet and EDI - EDI as the backbone of Electronic Commerce?
`
`Dick Raman, <info@edi-tie.nl>, EDI-TIE B. V., The Netherlands
`
`212 Using the Internet for Business - Web Oriented Routes to Market and Existing IT
`Infrastructures
`
`James W. West <EJWWEST@vnet.ibm.com>, IBM United Kingdom Labs, United Kingdom
`
`121
`
`122
`
`123
`
`132
`
`133
`
`211
`
`212
`
`
`
`

`

`
`
` Proceedings JENC8 May 1997
`
`
`
`Session II-2:
`Chair:
`
`User Support and Training - Issues and Initiatives
`Gerti Foest, DFN-Verein, Germany
`
`221 On-line Training Materials Using State Information Derived from Cookies, H'I'I'Pl .0
`and its Descendents
`
`Tony McDonald, <Tony.McDonald@newcastle.ac.uk>, University of Newcastle,
`United Kingdom
`
`222
`
`Environment To Inspire Network Users (ETINU) - The development of a complete
`online support system
`Christine Cahoon <christine@unite.co.uk>, George Munroe <george@unite.co.uk>,
`UNITE Solutions Limited, George Dunn <G.Dunn@qub.ac.uk>, Majella McCarron
`<M.MeCarron@qub.ac.uk>, The Queen’s University of Belfast, Northern Ireland
`
`223 Gossamer Strands to Institutional Infrastructure - Experiences Establishing a
`University Web Site
`Majella McCarron <M.McCarron@qub.ac.uk>, George Dunn <G.Dunn@qub.ac.uk>,
`The Queen’s University of Belfast, Christine Cahoon <christine@unite.co.uk>,
`George Munroe <george@unite.co.uk>, UNITE Solutions Limited, Northern Ireland.
`
`SESSION III
`
`Session III-1:
`Chair:
`
`Secure Network Applications
`Rfidiger Grimm, GMD Darmstadt, Germany
`
`312 Handling Confidential Internet Conferences by Email
`Knut Bahr <bahr@gmd.de>, Elfn'ede Hinsch <hinsch @gmd.de>, Anne Jaegemann
`<jaegemann@gmd.de>, Lan Wang <wang@gmd.de>, GMD Dannstadt. Germany
`
`313
`
`Status of Industry Work on Signed Mobile Code
`Matthew Christian Faupel <mcf@ansa. co. uk>, APM Ltd, United Kingdom
`
`Session III-2:
`Chair:
`
`Searching in the Web
`Stefan Kelm, DFN-PCA, Germany
`
`321 Adding Softlinks to the Web
`Oli Kai Paulus, Markus Andrezak, Guido Dunker. Ulrich Sehweiger
`{okp,andrezak,dunker,uswg}@cs.tu-berlin.de, KIT Project Group -
`Technical University of Berlin, Germany
`
`322 A Distributed Weighted Centroid-based Indexing System
`Miguel Rio <rio@uminh0.pt>, Joaquim Macedo <macedo@uminh0.pt>,
`Vasco Freitas <vf@uminho.pt>, Universidade do Minho, Portugal
`
`323
`
`The Evolution of a National Networked Bibliographic Data Service
`Terry Morrow <TM.Morrow@bids.ac.uk>, University ofBath, United Kingdom
`
`Session III-3:
`
`TEN-34: Implementing a High-Speed European Research
`Backbone
`Thomas Brunner, S WIICH, Switzerland
`
`Chair:
`
`331
`
`The Implementation of TEN-34
`Michael H. Behringer; DANTE, <M.H.Behringer@dante.org.uk>, DANTE,
`United Kingdom
`
`221
`
`222
`
`223
`
`312
`
`313
`
`321
`
`322
`
`323
`
`331
`
`

`

`
`
`J“CSProceedings May l997
`
`
`
`332
`
`Experiments for Advanced Backbone Services
`Michael Behringer <michael.behn'nger@dante.org.uk>, Frank Breiter
`<breiter@ibdninftu-dresden.de>, Mauro Campanella <campanella@mi.infn.it>,
`Roberta Canada <canada®rccn.net>, Zlatica Cekro <cekro@helios.iihe.ac.be>,
`Phil Chimento <chimento@cs.utwente.nl>, Magnus Danielson <magda@it.kth.se>,
`Vegard Engen <vegard.engen@uninett.no>, Hziana Ferrari <ferran'@infn.it>, Christoph Graf
`<christoph.graf@dante.org.uk>, Steinar Haug <sthaug@nethelp.no>, Ramin Najmabadi Kia
`<najmabadi@helios.iihe.ac.be>, Sabine Kuehn <sabine_kuehn@ibdrinftu-dresden.de>,
`Olav Kvittem <olav.kvittem@uninett.no>, Simon Leinen <simon@switch.ch>, Olivier Martin
`<omartin@dxcoms.cern.ch>, Kevin Meynell <kmeynell@terena.nl>, Paulo Neves
`<pneves@rccn.net>, Victor Reijs <victon reijs @surfnet.nl>, Celestino Tomas
`<ctomas@chico. rediris. es >, José Vilela <vilela@rccn.net>
`
`332
`
`SESSION IV
`
`Session IV-1:
`
`Liberalization and Privatization - Delivering leading edge services
`in the brave new commercial Internet world
`
`Chair:
`
`411
`
`Peter VVlntlev-Jensen, European Commission
`
`STAM - The Privatized NSFNET as a two-year old, and what US higher education
`is doing about it
`Michael Staman, <staman@cic.net>, CICnet Inc., USA
`
`Session IV-2:
`Chair:
`
`Education and the Net - A New Environment
`
`Dave Hartland, University of Newcastle Upon Tyne, United Kingdom
`
`421
`
`422
`
`423
`
`Use of Instructional Material in Universal Teleteaching Environments
`Robert Grebner <grebner@wi2.wiso.uni-erlangen.de>, University of
`Erlangen—Nuremberg, Germany
`
`Evaluation of a Network Based Learning Environment for Dermatology
`Andreas Bittorf <bittorf@derma.med.uni-erlangen.de>, Thomas L Diepgen
`<diepgen@denna.med.uni-erlangen.de>, University of Erlangen, Germany
`
`The Internet - Networking and the Humanities
`Barton D. Thurber <thurber@acusd.edu>, Jack Pope <pope@acusd edu>,
`University of San Diego, USA
`
`Session IV-3:
`Chair:
`
`Digital Signature Applications
`Wolfgang Schneider, GMD Darmstadt, Germany
`
`431
`
`432
`
`433
`
`A BAKO Extension Proposal
`Petra Glockner <gloeckner@gmd.de>, Stephan Kalletzki <kolletzki@gmd.de>,
`Michael Wichert <wichert@gmd.de>, GMD Darmstadt, Germany
`
`Providing Security to the Building Licenses Delivering Process in the City of Ton'no
`Antonio Lioy <lioy @polito.it>, Fabio Maino <maino @polito.it>, Politecnico di Torino,
`Italy
`
`The Digital Signature Initiative
`Peter Lipp <plipp@iaik tu-graz.ac.at>, University of Technology Graz, Austria
`
`411
`
`421
`
`422
`
`423
`
`431
`
`432
`
`433
`
`

`

`
`
`JENC8Proceedings May 1997
`
`
`
`SESSION V
`
`Session V-2:
`
`Chair:
`
`Network Developments in the Former Soviet Union and
`Eastern Europe
`Dave Probert, Digital Equipment Corporation, United Kingdom
`
`521
`
`NATO’s Contribution to Computer Networking in Central and Eastern Europe and
`in the Former Soviet Union
`
`Jean-Paul Nadreau <nadreau@qbc.clic.net>, NATO, Canada
`
`522
`
`523
`
`Current Tendencies in Russian Academic and Research Network Development
`at the National and Regional Levels
`A.S. Mendkovich <asm@free.net>, Russian Academy of Sciences. A]. Rusakov
`<alex@free.net>, 1.73 McCormick <jmccor@yars.free.net>, MN. Zakharova,
`P.G. Demidov Yarosalvl State University, Russian Federation
`
`Siberia: Putting the Virgin Lands to the Internet Plough
`S.D. Belov <belov@inp.nsk.su>, S.Vf Bredikhin <bred@c0mcen.nsk.su>, S.P. Kovalyov
`<kovalyov@inp.nsk.su>, S.A. Kulagin <rtgroup®iae.nsk.su>, S.L. Musher <musher@nsc.ru>,
`V.S. Nikultzev <nik@scnet.nsk.su>, N. G. Scherbakova <scherbakova@iae.nsk.su>,
`I.V. Shabalnikov <igor@ iis.nsk.su>, Yu.I. Shokin <shokin@scnet.nsk.su>,
`Siberian Branch of the Russian Academy of Sciences, Russian Federation
`
`524 Networks Development in the Ural Region: the Ekaterinburg integrated project
`Konstantin E. Lovtsky <Konstantin.Lovtsky@usu.ru>, Sergei V. Sleptsov
`<Sergei.Sleptsov@usu.ru>, Vladimir E. Tretyakov <Vladimir. Tretyakov@usu.ru>,
`Ural State University, Russia
`
`525 Minsk Internet Project: Results and Perspectives
`Nikolay Listopad <listopad@nil.minedu.minsk.by>, Computer and Analytical
`Center of Ministry of Education, Sergei Kritsky <kritsky@cacedu.minsk by>,
`Belarussian State University ofInformatics and Radioelectronics, Igor Tavgen
`<itavgen@bsf. minsk.by>, Belorussian Soros Foundation, Sergey Ivanov
`<listopad@cacedu.minsk.by>, SOLIDEX PI Ltd, Minsk, Belarus, Slava Shkarupin
`<slava@sunone.isfkiev.ua>, Open Society Institute, Kiev Regional Office, Kiev,
`Ukraine, Ilya Mafier <ilya@soros.org>, Open Society Institute, New York, USA
`
`526
`
`527
`
`Synergy in Cyberspace and a New Networking Landscape: Telenetics Approach
`Vladimir Zaborovski <vlad@neva.ru>, Yuri Podgurski <p0dg@neva.ru>,
`RTC Institute, Yuri Shemanin <yuri@stu.neva.ru>, Vasili Semyonovski
`<swb@stu.neva.ru>, Andrey Vasiliev <wa@stu.neva.ru>, Technical Univesity
`of Saint-Petersburg, Russia
`
`RUSLANet - Intemet—Aware Library System in Russia (St Petersburg)
`Alexander Plemnek, <plm@unilib.unilib.nevaru>, Natalia Sokolova,
`<natalia@unilib.unilib.neva.ru>, Vladimir Baranov, ,<barvl@unilib.unilib.neva.ru>,
`St Petersburg State Technical University, Russia
`
`SESSION VII
`
`Session VII-1:
`Chair:
`
`Secure Commercial Applications
`Harald T. Alvestrand, UNINE'I'I‘ A/S, Norway
`
`711
`
`Applying Military Grade Security to the Internet
`C I Dalton <cid@hplb.hpl.hp.com>, J F Grifi‘in <jfg@hplb.hpl.hp.com>,
`Hewlett-Packard Laboratories, United Kingdom
`
`521
`
`522
`
`523
`
`524
`
`525
`
`526
`
`527
`
`711
`
`

`

`
`
` Proceedings JFJ‘ICS May 1997
`
`
`
`712 Architecture and Design of a Secure Electronic Marketplace
`Matthias Schunter <schunter@acm.org>, University of Hildesheim, Germany,
`Michael Waidner <wmi@zurich.ibm.com>, IBM Zurich Research Lab., Switzerland
`
`713
`
`Properties of Secure Transaction Protocols
`Douglas H. Steves <dhs@cs.utexas.edu>, Chris Edmondson-Yurkanan
`<dragon@cs.utexas.edu>, Mohamed Gouda <gouda@cs.utexas.edu>,
`The University of Texas at Austin, USA
`
`Session VII-2: About Plain Old Email
`
`Chair:
`
`Urs Eppenberger, S WI I CH, Switzerland
`
`721
`
`722
`
`The Email Infrastructure in Europe Today
`Claudio Allocchio <Claudio.Allocchi0@elettra.trieste.it>, Sincrotrone Trieste, Italy
`
`IMAP Servers: What Differentiates Standards-Based Messaging Systems?
`Lee Levitt <Lee.Levitt@software.com>, Donald Livengood
`<Donald.Livengood@software.com), Andrew MacFarlane
`<Andrew.MacFarlane@software.com>, Softwarecom, USA
`
`723 W3Gate - The Service
`
`Manfred Bogen <Manfred.Bogen@gmd.de>, Guido Hansen
`<Guido.Hansen@gmdde>, Michael Lenz <Michael.Lenz@gmd.de>,
`GMD Sankt Augustin, Germany
`
`SESSION VIII
`
`Session VIII-1: The Role of Cryptography in a Networked World
`Chair:
`Bernhard Plattner, ETH Zurich, Switzerland
`
`811
`
`Crypto Regulation in Europe - some key trends and issues
`Bert-Jaap Koops <e.j.koops@kub.nl>, Tilburg University, The Netherlands
`
`Session VIII-2: Education and the Net - Cooperative and Distance Learning
`Chair:
`Antoine Barthel, RESTENA, Luxembourg
`
`821
`
`822
`
`823
`
`An Interactive Distance Education Service Utilising the World Mde Web -
`a preliminary study
`Nicolas Hine <nhine@mic.dundee.ac.uk> , W. Beattie, J.L. Amott, A. McKinlay,
`University of Dundee, United Kingdom, M. Kravcik <kravcik@dent. ii.fmph. uniba.sk>,
`A. Bebjak, L. Moravcikova, Comenius University, Slovakia, A. Arato
`<ARATO@IIF.KFKI.HU>, J. Tolgyesi, R Giese, B. Blasovszky, KFKI, Hungary,
`EP. Seiler <seiler@ps3.iaee.tuwien.ac.at>, Vienna University of Technology, Austria
`
`Cooperative and Contributive Learning - the real choice to push professional
`education in Networking Information Technologies in Ukraine and CIS
`Yuri Demchenko <demch@cad.ntu-kpi.kiev. ua>, Kiev Polytechnic Institute, Ukraine
`
`Support, Training and Continued Education for Electronic Joumals in
`Physics Research Networks 823
`Anne Dixon <anne.dixon @ioppublishing.ca.uk>, Institute ofPhysics
`Publishing - Bristol, UK
`
`712
`
`713
`
`721
`
`722
`
`723
`
`811
`
`821
`
`822
`
`823
`
`vrfi
`
`wev—u-wwv‘v‘
`
`
`
`>——~o~myA«Aw—o‘wvmA
`
`

`

`
`
` Proceedings JENC8 May 1997
`
`
`
`SESSION IX
`
`Session IX-2:
`Chair:
`
`On Video Conferencing
`George Howat, University of Edinburgh, Scotland
`
`921
`
`Scalable Video Transmission for the Internet
`
`Uwe Horn <uhorn@nt.e-technik. uni-erlangen.de>, Bernd Girod
`<girod@nt.e—technik.uni-erlangen.de>, University of Erlangen-Nuremberg,
`Germany
`
`922 Desktop Video: Building Large-Scale Services with Incompatible Products
`Manfred Bogen <manfred.bogen@gmd.de>, Christian Bonkowski
`<christian.bonkowski@gmd.de>, Richard Rodriguez-Val <richard.rodriguez@gmd.de>,
`Clemens Wermelskirchen <clemens.wemtelskirchen@gmd.de>, GMD SanktAugustin,
`Germany
`
`923
`
`Recent Activities in the MERCI Conferencing Project
`Peter TKirstein <P.Kirstein@cs.ucl.ac.uk>, Roy Bennett
`<R.Bennett@cs.ucl.ac.uk>, University College London, United Kingdom
`
`Session IX-3:
`Chair:
`
`Network Management
`Thomas Walter, ETH Zurich, Switzerland
`
`931 Network Management by Delegation - From Research Prototypes Towards Standards
`Juergen Schonwalder <schoenw@ cs. utwente.nl>, University of Twente,
`The Netherlands
`
`932 Management by Delegation in ISDN-based Remote Access Environments
`Udo Payer <upayer@iaik.tu-graz.ac.at>, Herbert Leitold
`<hleitold@ iaik.tu-graz.ac.at>, Reinhard Posch <rposch@iaik.tu-graz,ac.at>,
`University of Technology Graz, Austria
`
`933
`
`Java-based Mobile Intelligent Agents as Network Management Solutions
`Tianning Zhang <zhang @fokus.gmd.de>, Stefan Covaci <covaci@fokus.gmd.de>,
`GMD F0KUS, Germany
`
`921
`
`922
`
`923
`
`931
`
`932
`
`933
`
`

`

`Applying Military Grade Security to the Internet
`(cid:223)(cid:176)(cid:176)·§•†„ (cid:211)•·•‹¿fi§ (cid:217)fi¿…» ˝»‰«fi•‹§ ‹– ‹‚» (cid:215)†‹»fi†»‹
`
`Proceedings JENCS
`—fi–‰»»…•†„› (cid:214)(cid:219)(cid:210)(cid:221)Ł
`
`Dalton, Griffin
`(cid:220)¿·‹–†(cid:244) (cid:217)fi•””•†
`
`(cid:223)(cid:176)(cid:176)·§•†„ (cid:211)•·•‹¿fi§ (cid:217)fi¿…» ˝»‰«fi•‹§ ‹– ‹‚» (cid:215)†‹»fi†»‹
`Applying Military Grade Security to the Internet
`
`(cid:221)(cid:242) (cid:215)(cid:242) (cid:220)¿·‹–† (cid:228)‰•…(cid:224)‚(cid:176)·(cid:190)(cid:242)‚(cid:176)·(cid:242)‚(cid:176)(cid:242)‰–‡(cid:226)
`C. I. Dalton <cid@hplb.hpl.hp.com>
`
`(cid:214)(cid:242) (cid:218)(cid:242) (cid:217)fi•””•† (cid:228)¶”„(cid:224)‚(cid:176)·(cid:190)(cid:242)‚(cid:176)·(cid:242)‚(cid:176)(cid:242)‰–‡(cid:226)
`J. F. Giiffm <jfg@hplb.hpl.hp.com>
`
`Abstract
`(cid:223)(cid:190)›‹fi¿‰‹
`
`The explosive growth witnessed in the Internet
`(cid:204)‚» »¤(cid:176)·–›•“»„fi–'‹‚'•‹†»››»…•†‹‚»(cid:215)†‹»fi†»‹
`over the lastfew years has encouraged companies to
`–“»fi‹‚»·¿›‹ ”»'§»¿fi›‚¿›»†‰–«fi¿„»…‰–‡(cid:176)¿†•»›‹–
`connect to it and to ofler services to their customers
`‰–††»‰‹ ‹–•‹¿†…‹– –””»fi ›»fi“•‰»›‹–‹‚»•fi‰«›‹–‡»fi›
`over it. Concerns about security are holding them
`–“»fi•‹(cid:242)(cid:221)–†‰»fi†›¿(cid:190)–«‹›»‰«fi•‹§¿fi»‚–·…•†„‹‚»‡
`backfrom all but the most restrictive connectivity.
`(cid:190)¿‰(cid:181) ”fi–‡ ¿·· (cid:190)«‹ ‹‚» ‡–›‹ fi»›‹fi•‰‹•“» ‰–††»‰‹•“•‹§(cid:242)
`
`This paper explores
`the use of a military
`(cid:204)‚•›(cid:176)¿(cid:176)»fi»¤(cid:176)·–fi»›‹‚»«›»–”¿‡•·•‹¿fi§
`development,
`the
`Compartmented
`Mode
`…»“»·–(cid:176)‡»†‹(cid:244)
`‹‚»
`(cid:221)–‡(cid:176)¿fi‹‡»†‹»…
`(cid:211)–…»
`Workstation,
`in a commercial setting, as a plaflorm
`(cid:201)–fi(cid:181)›‹¿‹•–†(cid:244)•† ¿ ‰–‡‡»fi‰•¿·›»‹‹•†„(cid:244)¿›¿ (cid:176)·¿‹”–fi‡
`that is secure enough to implement services that are
`‹‚¿‹ •› ›»‰«fi» »†–«„‚‹–•‡(cid:176)·»‡»†‹›»fi“•‰»›‹‚¿‹¿fi»
`accessed over the Internet. Two applications have
`¿‰‰»››»… –“»fi‹‚»(cid:215)†‹»fi†»‹(cid:242)(cid:204)'– ¿(cid:176)(cid:176)·•‰¿‹•–†›‚¿“»
`been investigated in detail, a firewalled Domain
`(cid:190)»»†•†“»›‹•„¿‹»…•† …»‹¿•·(cid:244) ¿”•fi»'¿··»…(cid:220)–‡¿•†
`Name System and a World Wide Web service with
`(cid:210)¿‡»˝§›‹»‡¿†… ¿ (cid:201)–fi·…(cid:201)•…»(cid:201)»(cid:190)›»fi“•‰»'•‹‚
`enhanced authentication.
`Finally,
`there
`is
`»†‚¿†‰»… ¿«‹‚»†‹•‰¿‹•–†(cid:242)
`(cid:218)•†¿··§(cid:244)‹‚»fi»
`•›
`discussion of how other Internet-based services
`…•›‰«››•–† –”‚–'–‹‚»fi(cid:215)†‹»fi†»‹(cid:243)(cid:190)¿›»…›»fi“•‰»›
`might benefit
`from the
`application of CMW
`‡•„‚‹(cid:190)»†»”•‹ ”fi–‡
`‹‚» ¿(cid:176)(cid:176)·•‰¿‹•–† –”
`(cid:221)(cid:211)(cid:201)
`technology.
`‹»‰‚†–·–„§(cid:242)
`
`This work was carried out as part of the EZS
`(cid:204)‚•›'–fi(cid:181)'¿›‰¿fifi•»… –«‹¿›(cid:176)¿fi‹–” ‹‚»(cid:219)(cid:238)˝
`project
`in
`the European
`IVth
`Framework
`(cid:176)fi–¶»‰‹ •†
`‹‚» (cid:219)«fi–(cid:176)»¿†
`(cid:215)˚‹‚
`(cid:218)fi¿‡»'–fi(cid:181)
`Programme, ITRTD Project No. 20.563.
`—fi–„fi¿‡‡»(cid:244) (cid:215)(cid:204) ˛(cid:204)(cid:220) —fi–¶»‰‹ (cid:210)–(cid:242) (cid:238)(cid:240)(cid:242)ºŒ(cid:237)(cid:242)
`
`I. Introduction
`(cid:215)(cid:242) (cid:215)†‹fi–…«‰‹•–†
`
`The business community has not been slow in
`(cid:204)‚»(cid:190)«›•†»››‰–‡‡«†•‹§ ‚¿›†–‹(cid:190)»»†›·–'•†
`recognising
`the
`potentially
`vast
`commercial
`fi»‰–„†•›•†„
`‹‚»
`(cid:176)–‹»†‹•¿··§ “¿›‹
`‰–‡‡»fi‰•¿·
`opportunities created by the remarkable growth in
`–(cid:176)(cid:176)–fi‹«†•‹•»›‰fi»¿‹»… (cid:190)§ ‹‚»fi»‡¿fi(cid:181)¿(cid:190)·»„fi–'‹‚•†
`the Internet. Further, many businesses View Internet
`‹‚»(cid:215)†‹»fi†»‹(cid:242)(cid:218)«fi‹‚»fi(cid:244)‡¿†§ (cid:190)«›•†»››»›“•»'(cid:215)†‹»fi†»‹
`based e-commerce as critical
`to their long term
`(cid:190)¿›»…»(cid:243)‰–‡‡»fi‰» ¿›‰fi•‹•‰¿· ‹–‹‚»•fi·–†„‹»fi‡
`survival. The fimdamentally insecure nature of the
`›«fi“•“¿·(cid:242)(cid:204)‚»”«†…¿‡»†‹¿··§•†›»‰«fi»†¿‹«fi»–”‹‚»
`Internet is, however, proving to be a limiting factor
`(cid:215)†‹»fi†»‹ •›(cid:244)‚–'»“»fi(cid:244)(cid:176)fi–“•†„‹– (cid:190)» ¿ ·•‡•‹•†„”¿‰‹–fi
`in allowing the maximum exploitation of these new
`•†¿··–'•†„‹‚»‡¿¤•‡«‡»¤(cid:176)·–•‹¿‹•–† –”‹‚»›»†»'
`found electronic markets.
`”–«†… »·»‰‹fi–†•‰ ‡¿fi(cid:181)»‹›(cid:242)
`
`Over the last three decades, military agencies
`(cid:209)“»fi‹‚»·¿›‹ ‹‚fi»»…»‰¿…»›(cid:244)‡•·•‹¿fi§¿„»†‰•»›
`have spent considerable amounts of fimding on
`‚¿“»›(cid:176)»†‹‰–†›•…»fi¿(cid:190)·» ¿‡–«†‹›–” ”«†…•†„ –†
`research and development of computer security,
`fi»›»¿fi‰‚¿†… …»“»·–(cid:176)‡»†‹–”‰–‡(cid:176)«‹»fi›»‰«fi•‹§(cid:244)
`ever anxious to find ways of guaranteeing secure
`»“»fi¿†¤•–«›‹–”•†…'¿§›–”„«¿fi¿†‹»»•†„›»‰«fi»
`electronic communication across their own private
`»·»‰‹fi–†•‰ ‰–‡‡«†•‰¿‹•–†¿‰fi–››‹‚»•fi–'† (cid:176)fi•“¿‹»
`networks. With the current desperate commercial
`†»‹'–fi(cid:181)›(cid:242)(cid:201)•‹‚‹‚» ‰«fifi»†‹…»›(cid:176)»fi¿‹» ‰–‡‡»fi‰•¿·
`need for network security, it would seem obvious to
`†»»…”–fi†»‹'–fi(cid:181)›»‰«fi•‹§(cid:244)•‹'–«·…›»»‡–(cid:190)“•–«›‹–
`look at ways of applying the military generated
`·––(cid:181)¿‹'¿§›–”¿(cid:176)(cid:176)·§•†„‹‚»‡•·•‹¿fi§ „»†»fi¿‹»…
`technology in the Internet arena.
`‹»‰‚†–·–„§ •† ‹‚» (cid:215)†‹»fi†»‹ ¿fi»†¿(cid:242)
`
`In this paper we present
`the results of our
`(cid:215)†‹‚•›(cid:176)¿(cid:176)»fi'»(cid:176)fi»›»†‹ ‹‚»fi»›«·‹›–”–«fi
`investigation into the use of one particular military
`•†“»›‹•„¿‹•–†•†‹–‹‚»«›»–”–†»(cid:176)¿fi‹•‰«·¿fi‡•·•‹¿fi§
`
`development, Compartmented Mode Workstation
`…»“»·–(cid:176)‡»†‹(cid:244)(cid:221)–‡(cid:176)¿fi‹‡»†‹»…(cid:211)–…»(cid:201)–fi(cid:181)›‹¿‹•–†
`(CMW)[l],
`in a role as an application gateway
`ł(cid:221)(cid:211)(cid:201)(cid:247)¯(cid:239)ˆ(cid:244)•†¿fi–·» ¿›¿†¿(cid:176)(cid:176)·•‰¿‹•–† „¿‹»'¿§
`situated between internal systems and the Internet.
`›•‹«¿‹»… (cid:190)»‹'»»†•†‹»fi†¿·›§›‹»‡›¿†…‹‚»(cid:215)†‹»fi†»‹(cid:242)
`We
`describe
`scenarios where
`use of CMW
`(cid:201)»
`…»›‰fi•(cid:190)»
`›‰»†¿fi•–›'‚»fi»
`«›»
`–” (cid:221)(cid:211)(cid:201)
`technology in this role can be advantagous, creating
`‹»‰‚†–·–„§•†‹‚•›fi–·» ‰¿† (cid:190)» ¿…“¿†‹¿„–«›(cid:244)‰fi»¿‹•†„
`a firewalled Domain Name System service and
`¿”•fi»'¿··»…(cid:220)–‡¿•†(cid:210)¿‡»˝§›‹»‡›»fi“•‰» ¿†…
`providing enhanced authentication of World Wide
`(cid:176)fi–“•…•†„»†‚¿†‰»…¿«‹‚»†‹•‰¿‹•–† –”(cid:201)–fi·…(cid:201)•…»
`Web services. We end with a discussion of how
`(cid:201)»(cid:190)›»fi“•‰»›(cid:242)(cid:201)» »†…'•‹‚¿…•›‰«››•–† –”‚–'
`other Internet based services might benefit from the
`–‹‚»fi (cid:215)†‹»fi†»‹(cid:190)¿›»…›»fi“•‰»›‡•„‚‹(cid:190)»†»”•‹”fi–‡‹‚»
`application of this technology.
`¿(cid:176)(cid:176)·•‰¿‹•–† –” ‹‚•› ‹»‰‚†–·–„§(cid:242)
`
`(cid:215)(cid:215)(cid:242) (cid:204)‚» (cid:221)–‡(cid:176)¿fi‹‡»†‹»… (cid:211)–…»
`II. The Compartmented Mode
`Workstation
`(cid:201)–fi(cid:181)›‹¿‹•–†
`
`The Compartmented Mode Workstation was
`(cid:204)‚»(cid:221)–‡(cid:176)¿fi‹‡»†‹»…(cid:211)–…»(cid:201)–fi(cid:181)›‹¿‹•–†'¿›
`originally developed for military and government
`–fi•„•†¿··§ …»“»·–(cid:176)»…”–fi‡•·•‹¿fi§¿†… „–“»fi†‡»†‹
`use
`according to the CMWEC criteria[2]
`for
`«›» ¿‰‰–fi…•†„
`‹– ‹‚» (cid:221)(cid:211)(cid:201)(cid:219)(cid:221) ‰fi•‹»fi•¿¯(cid:238)ˆ ”–fi
`evaluating trusted systems. The CMW class is an
`»“¿·«¿‹•†„‹fi«›‹»…›§›‹»‡›(cid:242)(cid:204)‚»
`(cid:221)(cid:211)(cid:201) ‰·¿››•›¿†
`entirely separate but related set of criteria to the
`»†‹•fi»·§›»(cid:176)¿fi¿‹»(cid:190)«‹fi»·¿‹»…›»‹–”‰fi•‹»fi•¿‹–‹‚»
`more familiar Orange Book criteria[3].
`In Orange
`‡–fi»”¿‡•·•¿fi(cid:209)fi¿†„»(cid:222)––(cid:181)‰fi•‹»fi•¿¯(cid:237)ˆ(cid:242)(cid:215)†(cid:209)fi¿†„»
`Book terms, CMW has all of the B1 level security
`(cid:222)––(cid:181)‹»fi‡›(cid:244) (cid:221)(cid:211)(cid:201) ‚¿›¿··–”‹‚»(cid:222)(cid:239)·»“»·›»‰«fi•‹§
`features, and includes a number of B2 and B3
`”»¿‹«fi»›(cid:244)¿†…•†‰·«…»›¿†«‡(cid:190)»fi–”(cid:222)(cid:238)¿†…(cid:222)(cid:237)
`features. A number of the CMW features are relevant
`”»¿‹«fi»›(cid:242)(cid:223)†«‡(cid:190)»fi–”‹‚»
`(cid:221)(cid:211)(cid:201) ”»¿‹«fi»›¿fi»fi»·»“¿†‹
`to
`Internet
`firewalls/application
`gateways,
`in
`‹–
`(cid:215)†‹»fi†»‹”•fi»'¿··›æ¿(cid:176)(cid:176)·•‰¿‹•–† „¿‹»'¿§›(cid:244)•†
`particular, mandatory
`access
`control
`(MAC);
`(cid:176)¿fi‹•‰«·¿fi(cid:244)‡¿†…¿‹–fi§
`¿‰‰»››
`‰–†‹fi–·
`ł(cid:211)(cid:223)(cid:221)(cid:247)(cid:229)
`discretionary access
`control
`(DAC);
`privileges;
`…•›‰fi»‹•–†¿fi§ ¿‰‰»››‰–†‹fi–·
`ł (cid:220)(cid:223)(cid:221)(cid:247)(cid:229)(cid:176)fi•“•·»„»›(cid:229)
`command authorizations; audit.
`‰–‡‡¿†… ¿«‹‚–fi•ƒ¿‹•–†›(cid:229) ¿«…•‹(cid:242)
`
`The combination of these security features
`(cid:204)‚» ‰–‡(cid:190)•†¿‹•–† –”‹‚»›»›»‰«fi•‹§”»¿‹«fi»›
`makes CMW especially suitable as an application
`‡¿(cid:181)»› (cid:221)(cid:211)(cid:201) »›(cid:176)»‰•¿··§›«•‹¿(cid:190)·» ¿›¿†¿(cid:176)(cid:176)·•‰¿‹•–†
`gateway. Some features make it easier to administer
`„¿‹»'¿§(cid:242)˝–‡»”»¿‹«fi»›‡¿(cid:181)»•‹»¿›•»fi‹–¿…‡•†•›‹»fi
`and maintain the gateway machine in a secure state
`¿†…‡¿•†‹¿•†‹‚»„¿‹»'¿§‡¿‰‚•†»•†¿›»‰«fi»›‹¿‹»
`and to detect attempts at attack:
`the detailed
`¿†…‹– …»‹»‰‹¿‹‹»‡(cid:176)‹›¿‹¿‹‹¿‰(cid:181)(cid:230) ‹‚»…»‹¿•·»…
`auditing,
`the
`command authorizations
`allowing
`¿«…•‹•†„(cid:244)‹‚» ‰–‡‡¿†…¿«‹‚–fi•ƒ¿‹•–†›¿··–'•†„
`separation of duty and retirement of the root
`›»(cid:176)¿fi¿‹•–† –”…«‹§¿†…fi»‹•fi»‡»†‹–”‹‚»fi––‹
`account, and the trusted execution path combating
`¿‰‰–«†‹(cid:244)¿†…‹‚»‹fi«›‹»…»¤»‰«‹•–† (cid:176)¿‹‚‰–‡(cid:190)¿‹•†„
`Trojan horses. Other features make it possible to
`(cid:204)fi–¶¿† ‚–fi›»›(cid:242)(cid:209)‹‚»fi ”»¿‹«fi»›‡¿(cid:181)»•‹(cid:176)–››•(cid:190)·»‹–
`build and run applications securely:
`MAC and
`(cid:190)«•·…¿†…fi«†¿(cid:176)(cid:176)·•‰¿‹•–†› ›»‰«fi»·§(cid:230)
`(cid:211)(cid:223)(cid:221) ¿†…
`privileges in particular. This section explains these
`(cid:176)fi•“•·»„»›•† (cid:176)¿fi‹•‰«·¿fi(cid:242)(cid:204)‚•› ›»‰‹•–†»¤(cid:176)·¿•†›‹‚»›»
`security features;
`the remainder of this paper
`›»‰«fi•‹§”»¿‹«fi»›(cid:229) ‹‚»fi»‡¿•†…»fi–”‹‚•›(cid:176)¿(cid:176)»fi
`concentrates on the use of these features to develop
`‰–†‰»†‹fi¿‹»›–†‹‚»«›»–”‹‚»›»”»¿‹«fi»›‹– …»“»·–(cid:176)
`applications to run securely on CMW while providing
`¿(cid:176)(cid:176)·•‰¿‹•–†›‹–fi«†›»‰«fi»·§ –† (cid:221)(cid:211)(cid:201) '‚•·»(cid:176)fi–“•…•†„
`access from the Internet to sensitive resources and
`¿‰‰»››”fi–‡‹‚»(cid:215)†‹»fi†»‹ ‹–›»†›•‹•“»fi»›–«fi‰»›¿†…
`information.
`•†”–fi‡¿‹•–†(cid:242)
`
`711-1 (Session VII-1, lSt paper)
`Ø(cid:239)(cid:239)(cid:243)(cid:239) ł˝»››•–† ˚(cid:215)(cid:215)(cid:243)(cid:239)(cid:244) (cid:239) ›‹ (cid:176)¿(cid:176)»fi(cid:247)
`
`

`

`Applying Military Grade Security to the Internet
`(cid:223)(cid:176)(cid:176)·§•†„ (cid:211)•·•‹¿fi§ (cid:217)fi¿…» ˝»‰«fi•‹§ ‹– ‹‚» (cid:215)†‹»fi†»‹
`
`Proceedings JENCS
`—fi–‰»»…•†„› (cid:214)(cid:219)(cid:210)(cid:221)Ł
`
`Dalton, Griffin
`(cid:220)¿·‹–†(cid:244) (cid:217)fi•””•†
`
`a process tries to make a system call which could in
`¿(cid:176)fi–‰»››‹fi•»›‹–‡¿(cid:181)» ¿ ›§›‹»‡‰¿··'‚•‰‚‰–«·…•†
`some way compromise security. There is a total of
`›–‡»'¿§‰–‡(cid:176)fi–‡•›»›»‰«fi•‹§(cid:242)(cid:204)‚»fi»•›¿‹–‹¿·–”
`approximately 50 different privileges, ranging from
`¿(cid:176)(cid:176)fi–¤•‡¿‹»·§ º(cid:240) …•””»fi»†‹(cid:176)fi•“•·»„»›(cid:244)fi¿†„•†„”fi–‡
`fairly harmless to very dangerous.
`”¿•fi·§ ‚¿fi‡·»›› ‹– “»fi§ …¿†„»fi–«›(cid:242)
`
`Some of the most dangerous privileges are those
`˝–‡»–”‹‚»‡–›‹…¿†„»fi–«›(cid:176)fi•“•·»„»›¿fi»‹‚–›»
`which allow a process to override the MAC, and
`'‚•‰‚¿··–'¿(cid:176)fi–‰»››‹– –“»fifi•…»‹‚»
`(cid:211)(cid:223)(cid:221)(cid:244)¿†…
`these must be carefully granted to allow selected
`‹‚»›»‡«›‹(cid:190)» ‰¿fi»”«··§ „fi¿†‹»…‹–¿··–'›»·»‰‹»…
`traffic to cross the firewall. For safety, we grant
`‹fi¿””•‰‹–‰fi–››‹‚»”•fi»'¿··(cid:242)(cid:218)–fi›¿”»‹§(cid:244)'»„fi¿†‹
`privileges only to small relay programs which are
`(cid:176)fi•“•·»„»›–†·§‹–›‡¿··fi»·¿§ (cid:176)fi–„fi¿‡›'‚•‰‚¿fi»
`specially designed and carefully reviewed. These
`›(cid:176)»‰•¿··§ …»›•„†»…¿†…‰¿fi»”«··§fi»“•»'»…(cid:242)(cid:204)‚»›»
`'trusted' programs
`allow information to cross
`ø‹fi«›‹»…ø(cid:176)fi–„fi¿‡›¿··–'
`•†”–fi‡¿‹•–† ‹– ‰fi–››
`compartment boundaries, so that large pro-existing
`‰–‡(cid:176)¿fi‹‡»†‹(cid:190)–«†…¿fi•»›(cid:244)›–‹‚¿‹ ·¿fi„»(cid:176)fi»(cid:243)»¤•›‹•†„
`applications can be safely accessed from sensitivity
`¿(cid:176)(cid:176)·•‰¿‹•–†›‰¿† (cid:190)»›¿”»·§¿‰‰»››»…”fi–‡›»†›•‹•“•‹§
`levels other than their own. The trusted programs
`·»“»·›–‹‚»fi‹‚¿†‹‚»•fi–'†(cid:242)(cid:204)‚»‹fi«›‹»… (cid:176)fi–„fi¿‡›
`must follow the 'least privilege' principle:
`they raise
`‡«›‹”–··–'‹‚»ø·»¿›‹(cid:176)fi•“•·»„»ø(cid:176)fi•†‰•(cid:176)·»(cid:230) ‹‚»§fi¿•›»
`a privilege only while it is needed for a particular
`¿(cid:176)fi•“•·»„»–†·§'‚•·»•‹ •›†»»…»…”–fi¿(cid:176)¿fi‹•‰«·¿fi
`operation and lower it again immediately afterwards.
`–(cid:176)»fi¿‹•–† ¿†… ·–'»fi •‹ ¿„¿•† •‡‡»…•¿‹»·§ ¿”‹»fi'¿fi…›(cid:242)
`
`to
`
`II.D Command Authorizations
`(cid:215)(cid:215)(cid:242)(cid:220) (cid:221)–‡‡¿†… (cid:223)«‹‚–fi•ƒ¿‹•–†›
`Command authorizations
`are
`the
`sisters
`(cid:221)–‡‡¿†…¿«‹‚–fi•ƒ¿‹•–†›¿fi»‹‚»›•›‹»fi›‹–
`privileges.
`They are given to users, whereas
`(cid:176)fi•“•·»„»›(cid:242)
`(cid:204)‚»§¿fi»„•“»†‹– «›»fi›(cid:244)'‚»fi»¿›
`privileges are granted to programs. Authorizations
`(cid:176)fi•“•·»„»›¿fi»„fi¿†‹»…‹– (cid:176)fi–„fi¿‡›(cid:242)(cid:223)«‹‚–fi•ƒ¿‹•–†›
`allow control over which users are allowed to
`¿··–'‰–†‹fi–·–“»fi'‚•‰‚ «›»fi›¿fi» ¿··–'»…‹–
`invoke which trusted programs.
`By allocating
`•†“–(cid:181)»'‚•‰‚‹fi«›‹»… (cid:176)fi–„fi¿‡›(cid:242)
`(cid:222)§¿··–‰¿‹•†„
`different sets of authorizations to different users, we
`…•””»fi»†‹›»‹›–”¿«‹‚–fi•ƒ¿‹•–†›‹– …•””»fi»†‹«›»fi›(cid:244)'»
`can achieve separation of duties. No single user has
`‰¿†¿‰‚•»“»›»(cid:176)¿fi¿‹•–† –”…«‹•»›(cid:242)(cid:210)–›•†„·»«›»fi‚¿›
`absolute control of the system; rather there are a
`¿(cid:190)›–·«‹» ‰–†‹fi–·–”‹‚»›§›‹»‡(cid:229)fi¿‹‚»fi‹‚»fi» ¿fi» ¿
`number of administrative roles with complementary
`†«‡(cid:190)»fi–”¿…‡•†•›‹fi¿‹•“»fi–·»›'•‹‚‰–‡(cid:176)·»‡»†‹¿fi§
`powers.
`(cid:176)–'»fi›(cid:242)
`
`II.E Audit
`(cid:215)(cid:215)(cid:242)(cid:219) (cid:223)«…•‹
`
`The trusted kernel audits
`system calls, and
`(cid:204)‚»‹fi«›‹»… (cid:181)»fi†»·¿«…•‹› ›§›‹»‡‰¿··›(cid:244)¿†…
`trusted applications can audit
`their own actions
`‹fi«›‹»…¿(cid:176)(cid:176)·•‰¿‹•–†›‰¿†¿«…•‹ ‹‚»•fi–'†¿‰‹•–†›
`using a standard auditing subsystem interface. This
`«›•†„¿›‹¿†…¿fi…¿«…•‹•†„›«(cid:190)›§›‹»‡•†‹»fi”¿‰»(cid:242)(cid:204)‚•›
`auditing cannot be overridden without
`special
`¿«…•‹•†„‰¿††–‹(cid:190)»–“»fifi•……»†'•‹‚–«‹›(cid:176)»‰•¿·
`privilege.
`It will normally be configured to log any
`(cid:176)fi•“•·»„»(cid:242)(cid:215)‹'•··†–fi‡¿··§ (cid:190)» ‰–†”•„«fi»…‹–·–„¿†§
`access denial or
`insufficient privilege
`for
`an
`¿‰‰»››…»†•¿·–fi•†›«””•‰•»†‹(cid:176)fi•“•·»„»”–fi¿†
`attempted operation. Trusted programs can log their
`¿‹‹»‡(cid:176)‹»… –(cid:176)»fi¿‹•–†(cid:242)(cid:204)fi«›‹»… (cid:176)fi–„fi¿‡›‰¿†·–„‹‚»•fi
`actions directly in an easily understood form, so an
`¿‰‹•–†›…•fi»‰‹·§•†¿†»¿›•·§ «†…»fi›‹––…”–fi‡(cid:244)›–¿†
`administrator can track any suspicious behaviour
`¿…‡•†•›‹fi¿‹–fi‰¿†‹fi¿‰(cid:181)¿†§›«›(cid:176)•‰•–«›(cid:190)»‚¿“•–«fi
`involving
`overriding MAC without having to
`•†“–·“•†„ –“»fifi•…•†„
`(cid:211)(cid:223)(cid:221) '•‹‚–«‹‚¿“•†„
`‹–
`decipher long sequences of system calls.
`…»‰•(cid:176)‚»fi ·–†„ ›»fl«»†‰»› –” ›§›‹»‡ ‰¿··›(cid:242)
`
`(cid:215)(cid:215)(cid:242)(cid:218) (cid:223)† (cid:219)¤¿‡(cid:176)·» (cid:221)–†”•„«fi¿‹•–†
`II.F An Example Configuration
`CMWHOST
`SYSTEM INSIDE OUTSIDE
`
`I
`l
`SYSTEM
`SYSTEM
`OUTSIDE
`INSIDE
`
`(cid:221)(cid:211)(cid:201) (cid:216)(cid:209)˝(cid:204)
`
`˝˙˝(cid:204)(cid:219)(cid:211) (cid:215)(cid:210)˝(cid:215)(cid:220)(cid:219) (cid:209)¸(cid:204)˝(cid:215)(cid:220)(cid:219)
`
`(cid:215)†‹»fi†»‹
`
`˝˙˝(cid:204)(cid:219)(cid:211)
`(cid:209)¸(cid:204)˝(cid:215)(cid:220)(cid:219)
`
`˝˙˝(cid:204)(cid:219)(cid:211)
`(cid:215)(cid:210)˝(cid:215)(cid:220)(cid:219)
`
`(cid:215)(cid:215)(cid:242)(cid:223) (cid:211)¿†…¿‹–fi§ (cid:223)‰‰»›› (cid:221)–†‹fi–·
`II.A Mandatory Access Control
`
`are
`enforced
`controls
`access
`Mandatory
`¿fi» »†”–fi‰»…
`‰–†‹fi–·›
`¿‰‰»››
`(cid:211)¿†…¿‹–fi§
`consistently by the operating system - users cannot
`‰–†›•›‹»†‹·§ (cid:190)§ ‹‚»–(cid:176)»fi¿‹•†„›§›‹»‡(cid:243)«›»fi›‰¿††–‹
`choose which information will be regulated. On
`‰‚––›»'‚•‰‚•†”–fi‡¿‹•–†'•··(cid:190)»fi»„«·¿‹»…(cid:242)(cid:209)†
`CMW all
`information has associated with it a
`(cid:221)(cid:211)(cid:201) ¿·· •†”–fi‡¿‹•–† ‚¿›¿››–‰•¿‹»…'•‹‚•‹ ¿
`sensitivity label. The sensitivity label comprises a
`›»†›•‹•“•‹§·¿(cid:190)»·(cid:242)(cid:204)‚»›»†›•‹•“•‹§·¿(cid:190)»·‰–‡(cid:176)fi•›»› ¿
`'classification' and a number of 'compartments'. The
`ø‰·¿››•”•‰¿‹•–†ø¿†…¿†«‡(cid:190)»fi–”ø‰–‡(cid:176)¿fi‹‡»†‹›ø(cid:242)(cid:204)‚»
`operating system labels files, processes and network
`–(cid:176)»fi¿‹•†„›§›‹»‡·¿(cid:190)»·›”•·»›(cid:244)(cid:176)fi–‰»››»›¿†… †»‹'–fi(cid:181)
`connections. In general, to have read access to some
`‰–††»‰‹•–†›(cid:242)(cid:215)† „»†»fi¿·(cid:244)‹– ‚¿“»fi»¿…¿‰‰»››‹–›–‡»
`data, a process must have a sensitivity label which
`…¿‹¿(cid:244)¿(cid:176)fi–‰»››‡«›‹‚¿“» ¿›»†›•‹•“•‹§·¿(cid:190)»·'‚•‰‚
`'dominates' the label of the data. A sensitivity label
`ø…–‡•†¿‹»›ø‹‚»·¿(cid:190)»·–”‹‚»…¿‹¿(cid:242)(cid:223)›»†›•‹•“•‹§·¿(cid:190)»·
`is said to dominate another when its classification is
`•› ›¿•…‹– …–‡•†¿‹» ¿†–‹‚»fi'‚»†•‹›‰·¿››•”•‰¿‹•–†•›
`higher or equal
`to the other's classification, and
`‚•„‚»fi–fi»fl«¿· ‹–‹‚»–‹‚»fiø›‰·¿››•”•‰¿‹•–†(cid:244)¿†…
`when it includes all compartments included in the
`'‚»†•‹ •†‰·«…»›¿··‰–‡(cid:176)¿fi‹‡»†‹›•†‰·«…»…•†‹‚»
`other label. For write access, a process's label must
`–‹‚»fi·¿(cid:190)»·(cid:242)(cid:218)–fi'fi•‹» ¿‰‰»››(cid:244)¿(cid:176)fi–‰»››ø›·¿(cid:190)»·‡«›‹
`exactly equal the data‘s label.
`»¤¿‰‹·§ »fl«¿· ‹‚» …¿‹¿ø› ·¿(cid:190)»·(cid:242)
`
`In practice, classification is generally used to
`(cid:215)† (cid:176)fi¿‰‹•‰»(cid:244)‰·¿››•”•‰¿‹•–†•›„»†»fi¿··§ «›»…‹–
`indicate
`how secret
`or
`sensitive
`data
`is.
`•†…•‰¿‹»
`‚–' ›»‰fi»‹
`–fi
`›»†›•‹•“»
`…¿‹¿
`•›(cid:242)
`Compartments, however, are often used to partition
`(cid:221)–‡(cid:176)¿fi‹‡»†‹›(cid:244)‚–'»“»fi(cid:244)¿fi»–”‹»† «›»…‹– (cid:176)¿fi‹•‹•–†
`data so that access to separate sets of data is given to
`…¿‹¿›–‹‚¿‹¿‰‰»››‹–›»(cid:176)¿fi¿‹»›»‹›–”…¿‹¿•›„•“»†‹–
`different groups of users, e.g., members of different
`…•””»fi»†‹„fi–«(cid:176)›–”«›»fi›(cid:244)»(cid:242)„(cid:242)(cid:244)‡»‡(cid:190)»fi›–”…•””»fi»†‹
`departments in a company.
`The configuration
`…»(cid:176)¿fi‹‡»†‹›•†¿ ‰–‡(cid:176)¿†§(cid:242)
`(cid:204)‚» ‰–†”•„«fi¿‹•–†
`shown in figure 1 below uses compartments to
`›‚–'†•†”•„«fi»(cid:239) (cid:190)»·–'«›»›‰–‡(cid:176)¿fi‹‡»†‹›‹–
`distinguish between data and resources accessible
`…•›‹•†„«•›‚ (cid:190)»‹'»»† …¿‹¿ ¿†…

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket