A Security Policy And Formal Top Level Specification For A Multi-Level Secure Local Area Network

This paper describes a Gypsy[l] realization of a formal security policy model and top level specification for a secure, multi-level loud area network (LAN). The network, which is being developed by the Verdix Corporation of Chantilly, Virginia, is one of the fmt network products to be accepted for developmental evaluation by the Computer Security Center leading to, we hope, an eventual certification at the A-1 level. Because network criteria are still undergoing development, the LAN will be evaluated under the TCSEC [2] criteria for multi-level secure computer systems. The remainder of the paper briefly describes the LAN itself, the policy model and its Gypsy representation,and FTLS. This is followed by a discussion of related issues such as covert channel analysis. The conclusions will cover both the applicability of the TCSEC criteria to network products such as this and the use of such products as building blocks for distributed semre systems.