Title :
Simple assured bastion hosts
Author :
Cant, Chris ; Wiseman, Simon
Author_Institution :
Defence Evaluation & Res. Agency, Malvern, UK
Abstract :
It is shown how compartmented mode workstation (CMW) technology can be used as the basis of simple assured firewalls, where the vast majority of the evaluation effort required is reused from the evaluation of the CMW. The generic bastion host architecture described provides ITSEC E3 assurance that the unevaluated proxies cannot be bypassed. Assurance that the inappropriate export of information is prevented, can be gained by extending a trusted path export sanction from the user´s desktop to an evaluated release checker in the firewall
Keywords :
authorisation; workstations; ITSEC E3 assurance; assured firewalls; bastion host architecture; compartmented mode workstation; evaluated release checker; evaluation effort reuse; information exporting; trusted path export sanction; unevaluated proxies; Communication system security; Concrete; Control systems; Counting circuits; Filters; Government; Internet; Labeling; Peer to peer computing; Workstations;
Conference_Titel :
Computer Security Applications Conference, 1997. Proceedings., 13th Annual
Conference_Location :
San Diego, CA
Print_ISBN :
0-8186-8274-4
DOI :
10.1109/CSAC.1997.646170