Restricting Single Level Networks to Privileged Users

IP.com Disclosure Number: IPCOM000112104D
Original Publication Date: 1994-Apr-01
Included in the Prior Art Database: 2005-Mar-26
Document File: 2 page(s) / 39K

Publishing Venue

IBM

Related People

Craft, DJ: AUTHOR

Abstract

Disclosed is a method wherein administrators of a system conforming to the "Trusted Computer System Evaluation Criteria" [1] and the "Security Requirements for System High and Compartmented Mode Workstations" [2], hereafter known as a CMW system, can connect their system to a single level network.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 82% of the total text.

Restricting Single Level Networks to Privileged Users

Disclosed is a method wherein administrators of a system conforming to the "Trusted Computer System Evaluation Criteria" [1] and the "Security Requirements for System High and Compartmented Mode Workstations" [2], hereafter known as a CMW system, can connect their system to a single level network.

Since single level networking does not support the same sensitivity level model as a CMW system, connecting to a network automatically opens the system up to abuse of classified material by its users. For instance, any user would have the capability of importing sensitive files at too low a classification or exporting classified files without appropriate labeling. The disclosed method involves the restriction of the networking utilities to users possessing a unique network privilege. These users are individuals the system administrator has deemed to be trustworthy, or designated security officers who can regrade material.

The technology that this disclosure builds upon is the use of CMW privileges that are part command-based and part user-based. If the required networking privileges are split between the networking commands and the trustworthy users, the combination provides an effective gateway for restricting the network. The networking commands may possess all privileges that are unique to their operations, while the user possesses one global privilege that is required for all networking activity; a network operation succeeds only when both sides of the split are present.
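The following Python model illustrates the split-privilege gateway just described. It is an added example written for this page, not code from the disclosure or from IBM; the privilege names (`net_access`, `net_socket`, `net_import_label`, `net_export_label`, `regrade`), the command table and the user records are all constructed assumptions chosen to show the mechanism. The command contributes the privileges unique to its operations, the user contributes only the single global network privilege, and an operation is allowed only when the union of the two covers everything the operation needs. Each decision is written to an audit list so that denied attempts (an ordinary user trying to export, or a trusted user going through a non-network utility) remain visible to the security officer.

```python
"""Toy model of the disclosure's split privilege gateway (added example, not IBM's
code).  Privilege names, the command table and the users below are constructed for
illustration and are assumptions, not identifiers taken from the disclosure."""
from dataclasses import dataclass

# The one global user-held privilege required for every networking action (assumed name).
NET_ACCESS = "net_access"

# Privileges tied to specific network operations; only networking commands carry them.
OPERATION_PRIVILEGES = {
    "import": frozenset({"net_socket", "net_import_label"}),
    "export": frozenset({"net_socket", "net_export_label"}),
}


@dataclass(frozen=True)
class Command:
    name: str
    privileges: frozenset   # command-based privileges unique to this command's operations


@dataclass(frozen=True)
class User:
    name: str
    privileges: frozenset   # user-based privileges granted by the administrator


# Constructed command table: networking utilities hold their operation privileges,
# an ordinary utility holds none.
COMMANDS = {
    "ftp": Command("ftp", frozenset({"net_socket", "net_import_label", "net_export_label"})),
    "rcp": Command("rcp", frozenset({"net_socket", "net_import_label"})),
    "cat": Command("cat", frozenset()),
}

# Constructed users: only the trusted operator and the security officer hold NET_ACCESS.
USERS = {
    "operator": User("operator", frozenset({NET_ACCESS})),
    "sso": User("sso", frozenset({NET_ACCESS, "regrade"})),
    "analyst": User("analyst", frozenset({"regrade"})),  # may regrade, but not network
}


def effective_privileges(user: User, command: Command) -> frozenset:
    """Combine the two privilege sources.  The command contributes its own privileges;
    the user contributes only the global network privilege, so user-held privileges
    unrelated to networking never unlock a network operation."""
    return command.privileges | (user.privileges & {NET_ACCESS})


def authorize(user: User, command: Command, operation: str, audit: list) -> bool:
    """Return True if the operation may proceed, appending an audit line either way."""
    required = OPERATION_PRIVILEGES[operation] | {NET_ACCESS}
    missing = required - effective_privileges(user, command)
    decision = "ALLOW" if not missing else "DENY"
    audit.append(f"{decision} user={user.name} cmd={command.name} op={operation}"
                 f" missing={sorted(missing)}")
    return not missing


def run_scenarios() -> dict:
    """Exercise the gateway from the directions the disclosure is concerned with."""
    audit: list = []
    results = {
        # trusted user through a networking command: the only path that opens
        "operator_ftp_export": authorize(USERS["operator"], COMMANDS["ftp"], "export", audit),
        # ordinary user through the same command: blocked by the missing user privilege
        "analyst_ftp_export": authorize(USERS["analyst"], COMMANDS["ftp"], "export", audit),
        # trusted user, but rcp lacks the export-labelling privilege
        "operator_rcp_export": authorize(USERS["operator"], COMMANDS["rcp"], "export", audit),
        # trusted user through a non-network command: the command side has nothing
        "sso_cat_import": authorize(USERS["sso"], COMMANDS["cat"], "import", audit),
    }
    return {"results": results, "audit": audit}


if __name__ == "__main__":
    for line in run_scenarios()["audit"]:
        print(line)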

Referen...