Multi-Level and Compartmented Mode Security
Business processes between companies often require the exchange of sensitive data and documents, e.g., financial accounting, patent motions, technical cooperation. The use of these documents is regulated by contracts and agreements. Company-internal protection measures are essential as well, so that access to documents outside the intended workflow is prohibited. This is meant, for instance, to prevent employees from reading sensitive documents, distributing documents outside the company (unintentionally or on purpose), or making unauthorized changes.

Existing computing platforms cannot securely handle classified documents (e.g., unclassified, secret, top secret): users can circumvent control mechanisms by using available functions for their own purposes or by exploiting known vulnerabilities in existing software components. Many security problems arise because companies or public departments are unable to prevent their users from circumventing security policies, whether by installing software components themselves or by manipulating the IT system in other ways.

The suggested platform shall provide functionality that allows secure enforcement of external and company-wide security policies. This is the basis for realizing a system with Multi-Level Security (MLS) that is tailored to practical conditions. Existing MLS solutions have not been satisfactory so far because of their high complexity and inefficient configuration (strictly separated hardware).

Other important example applications that can be realized on top of a secure computing platform are Multi Server Systems (MSS), which, similar to a VMM, run different isolated services (e.g., a database, a Web server, and a security gateway) in parallel on one server.