Importance

Loading Importance Indicators...

Abstract

A CPU architecture guarantees that untrusted software will handle multi-level classified data in a secure manner. A single copy of untrusted software is granted simultaneous read and write access to multiple levels of classified data, with assurance that both the Bell-LaPadula simple security property and the *-property will be correctly enforced. This enforcement is accomplished without the severe constraints normally imposed by computers that do not incorporate this invention. The technique may also be used to enforce integrity policy constraints alone or in conjunction with security policy constraints (classifications). This method relies upon hardware comparison of sensitivity level tags (and/or integrity level tags) associated with data storage blocks. Software need not be examined before it is permitted to handle multi-level secure data because any attempted violation of a security policy (or an integrity policy) will cause a trap to the trusted operating system. Internal label registers are dynamically updated for permitted accesses by the untrusted software.

Loading the Abstract Image...

First Claim