Towards a High Assurance Multi-level Secure PC for Intelligence Communities
Authors: D. Kleidermacher
Published in: 2008 IEEE Conference on Technologies for Homeland Security
Publication date: 2008-05-12
DOI: 10.1109/THS.2008.4534523 (https://doi.org/10.1109/THS.2008.4534523)
Citation count: 2
Intelligence communities have long struggled with the burden of maintaining separate computers and networks to manage information at varying sensitivity levels. Commercial grade operating systems and virtualization solutions such as Windows, Linux, and VMware are unsuitable for security assurance to the high levels required for this kind of information sharing on a single PC platform. Custom solutions have failed to gain acceptance as cost containment pressures favor commercial, off-the-shelf (COTS) platforms. In addition, common PC hardware has had serious security limitations that prevent even a high assurance software solution from achieving the required domain separation. The hope for a truly high assurance, multi-level secure PC is coming closer to reality by virtue of recent innovations, both in software and hardware. We propose an operating environment architecture that combines the utility of virtualization with the robustness of a high assurance realtime kernel that can host trusted applications.