PRISM: Program Replication and Integration for Seamless MILS

We describe how to combine a minimal Trusted Computing Base (TCB) with polyinstantiated and slightly augmented Commercial Off The Shelf (COTS) software programs in separate Single Level Secure (SLS) partitions to create MultiLevel Secure (MLS) applications. These MLS applications can coordinate fine grained (intra-document) Bell LaPadula (BLP) [6] separation between information at multiple security levels. The untrusted COTS programs in the SLS partitions send at-level file edits as diff transactions to the TCB. The TCB verifies that BLP semantics will be observed and then patches these transactions into its canonical representation of the file. Finally, it releases appropriately filtered versions back to each SLS partition for re-assembly into the COTS program´s standard file format. Furthermore, by judiciously restricting how the user can interact with the system the multiple SLS instantiations of the COTS program can be made to appear as if they are a single MLS instantiation. We demonstrate the utility of this approach using Microsoft Word and DokuWiki.