MLS TOOLS

26 May 1995

We have these MLS solutions installed, accredited, and in operation at a number of DOD sites:

Operations/Intelligence Workstation (OIW)
The OIW is a compartmented mode workstation that can securely and simultaneously connect to one network operating at the Top Secret SCI level and a second network operating at the Secret level. Typically, intelligence personnel process Top Secret SCI information, while operations personnel process Secret information. The OIW allows someone cleared at the Top Secret level to have secure, simultaneous access to both environments.

Standard Mail Guard (SMG)
The SMG connects two networks that operate at different security levels, automatically allowing the bi-directional exchange of electronic mail classified no higher than the lower security level. It ensures all information sent from the HIGH network (e.g., Secret) is properly labeled for access by users on the LOW network (e.g., Unclassified). The SMG also blocks all other network services (e.g., FTP, TELNET) from the LOW network so users do not have access to information higher than their security level.

Two-Level Workstation (2LWS)
The 2LWS is a compartmented mode workstation that can securely and simultaneously connect to two networks operating at different security levels. The 2LWS allows someone authorized access to either security level to use the workstation. It will restrict users with a clearance at the lower security level from having access to information at the higher level. It will allow users with a clearance at the higher security level to have access to all information at or below that level.

_________________________________________________________________

These systems, although not developed by the DOD MLS program, are commercially available and can be key components in an MLS system.

Compartmented Mode Workstation (CMW)
The CMW is a commercial, off-the-shelf workstation designed to provide a trusted computing base for workstation applications. A number of vendors, such as Sun Microsystems, Digital Equipment Corporation (DEC), IBM, and SecureWare have CMWs available on GSA contracts.

_________________________________________________________________

This glossary list comes from various sources.

Access
A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (Source: GCST)

Access Control
The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network). Synonymous with controlled access and limited access. (Source: GCST)

Accreditation
A formal declaration by the designated approving authority (DAA) that the automated information system (AIS) is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (Source: GCST)

Assurance
A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Compare with trusted computer system. (Source: GCST)

Audit Trail
A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. (Source: GCST)

Authenticate
1. To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
2. To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification.
(Source: GCST)

Authorization
The granting of access rights to a user, program, or process. (Source: GCST)

Automated Information System
An assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. (Source: GCST)

Availability
The state when data is in the place needed by [or accessible to] the user, at the time the user needs them, and in the form needed by the user. (Source: GCST)

Certification
The comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements. (Source: GCST)

Compartmented Mode of Operation
An AIS is operating in the compartmented mode when each user with direct or indirect individual access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
* A valid personnel clearance for the most restricted information on the system.
* Formal access approval for, and has signed nondisclosure agreements for, that information to which the user is to have access.
* A valid need-to-know for that information to which the user is to have access.
(Source: GCST)

Covert Channel
A communications channel that allows two cooperating processes to transfer information in a manner that violates the system's security policy. Synonymous with confinement channel. (Source: GCST)

Covert Storage Channel
A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. (Source: GCST)

Covert Timing Channel
A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process. (Source: GCST)

Dedicated Mode of Operation
An AIS is operating in the dedicated mode when each user with direct or indirect individual access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
* A valid personnel clearance for all information on the system.
* Formal access approval for, and has signed nondisclosure agreements for, all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs).
* A valid need-to-know for all information contained within the system.
(Source: GCST)

Denial of Service
Any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. Synonymous with interdiction. (Source: GCST)

Designated Approving Authority (DAA)
The official who has the authority to decide on accepting the security safeguards prescribed for an AIS, or that official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. (Source: GCST)

Discretionary Access Control (DAC)
A means of restricting access to objects based on the identity and need-to-know of the user, process, and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Compare mandatory access control. (Source: GCST)

Evaluation
An assessment of a product against the Trusted Computer System Evaluation Criteria (The Orange Book).

Information Warfare
Information warfare is the activity by a hacker, terrorist, or other adversary to disrupt an information system. Traditional security addresses the protection of information. Information warfare is aimed at protecting the systems that collect, store, manipulate, and transport information so that they are not accessed by unauthorized persons and are available as needed. (Source: Defense Information Infrastructure Master Plan)

Mandatory Access Control (MAC)
A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. Compare discretionary access control. (Source: GCST)

Multilevel Mode of Operation
An AIS is operating in the multilevel mode when all of the following statements are satisfied concerning the users with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts:
* Some do not have a valid personnel clearance for all of the information processed in the system.
* All have the proper clearance and have the appropriate formal access approval for that information to which they are to have access.
* All have a valid need-to-know for that information to which they are to have access.
(Source: GCST)

Multilevel Security (MLS)
An MLS system is a system containing information with different security classifications that simultaneously permits access by users with different security clearances and needs to know. This system prevents users from obtaining access to information for which they lack authorization. (Source: DOD Directive 5200.28)

Risk
The probability that a particular threat will exploit a particular vulnerability of the system. (Source: GCST)

Risk Analysis
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. Synonymous with risk assessment. (Source: GCST)

Risk Management
The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. It includes risk analysis, cost/benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review. (Source: GCST)

Sensitive Compartmented Information
Information restricted to people who have been given formal access to the security program, called a compartment.

Security Policy
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. (Source: GCST)

System-High Mode of Operation
An AIS is operating in the system-high mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
* A valid personnel clearance for all information on the system.
* Formal access approval for, and has signed nondisclosure agreements for, all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs).
* A valid need-to-know for some of the information contained within the system.
(Source: GCST)

Trusted Computer System
A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information. (Source: GCST)

_________________________________________________________________

Note: "GCST" means the Glossary of Computer Security Terms, NCSC-TG-004, 21 Oct 88 (the "Olive" Book).

_________________________________________________________________