Secure computer architecture

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Patent


Details

G06F 1214

Patent

active

061158194

DESCRIPTION:

BRIEF SUMMARY
This invention relates to trusted hardware devices that can be utilised in a general computer system architecture to provide a means of ensuring that data transfers within the system architecture are secure. When the trusted hardware device is configured as a peripheral of a computer system, the computer can be used for predetermined trusted functions.


BACKGROUND

The widespread use of computers for information storage and processing has resulted in the need for systems which can protect information which is of national security importance, commercially sensitive, or personal. Security measures are required which protect the users of computer systems against unauthorised access to, and modification of, information stored in and processed by those systems.
In response to the need for secure computers and computer systems for operation within classified environments, the United States Department of Defense has published the "Department of Defense Trusted Computer System Evaluation Criteria" (reference No DOD 5200.28-STD). This publication, typically referred to as the Orange Book, describes security measures including measurable objectives and evaluation criteria for assessing secure computers and computer system designs and implementations.
The Orange Book emphasises the concepts of the Trusted Computing Base (TCB) and the reference monitor. The TCB is the set of all resources in a system that together provide the security features of the system. The reference monitor is that part of the TCB which oversees all data accesses in the system, and will only permit those accesses that the user of the system has the authority to perform.
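The reference monitor described above is easiest to understand as a single chokepoint through which every access request must pass. The following Python sketch is an added illustration, not the patent's design or any code from the patent: it models a tiny reference monitor that applies a mandatory rule (a subject may read only objects at or below its clearance and write only objects at or above it, the Bell-LaPadula simple-security and *-properties on which the Orange Book's mandatory controls are based), then a discretionary access-control list, denying anything not explicitly permitted and recording every decision. The levels, subjects, objects and ACLs are constructed example data.

```python
"""Minimal reference monitor (illustrative; not the patent's design).

Every access request passes through one chokepoint, check_access(), which
applies two rules:
  1. mandatory: the subject's clearance must dominate the object's
     classification to read ("no read up"), and the object's classification
     must dominate the subject's clearance to write ("no write down");
  2. discretionary: the object's access-control list must grant the
     requested mode to the subject.
Anything not explicitly permitted is denied, and every decision is logged.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Ordered sensitivity levels (constructed example levels, lowest to highest).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Obj:
    name: str
    classification: str
    # subject name -> set of granted modes, e.g. {"read", "write"}
    acl: Dict[str, Set[str]] = field(default_factory=dict)


@dataclass
class ReferenceMonitor:
    audit: List[str] = field(default_factory=list)

    def check_access(self, subj: Subject, obj: Obj, mode: str) -> bool:
        """The single mediation point: decide, log, and return the decision."""
        permitted = self._decide(subj, obj, mode)
        self.audit.append(
            f"{subj.name} {mode} {obj.name}: {'PERMIT' if permitted else 'DENY'}")
        return permitted

    def _decide(self, subj: Subject, obj: Obj, mode: str) -> bool:
        if mode not in ("read", "write"):
            return False                      # unknown modes are denied
        sc = LEVELS[subj.clearance]
        oc = LEVELS[obj.classification]
        if mode == "read" and sc < oc:
            return False                      # no read up
        if mode == "write" and sc > oc:
            return False                      # no write down
        # mandatory rule satisfied; now the discretionary ACL must grant it
        return mode in obj.acl.get(subj.name, set())


class MediatedStore:
    """Object store whose every read and write consults the monitor."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self.monitor = monitor
        self.objects: Dict[str, Obj] = {}
        self.data: Dict[str, str] = {}

    def register(self, obj: Obj, contents: str) -> None:
        self.objects[obj.name] = obj
        self.data[obj.name] = contents

    def read(self, subj: Subject, name: str) -> Optional[str]:
        """Return the contents if permitted, None if the monitor denies it."""
        if not self.monitor.check_access(subj, self.objects[name], "read"):
            return None
        return self.data[name]

    def write(self, subj: Subject, name: str, contents: str) -> bool:
        """Store the contents if permitted; report whether the write happened."""
        if not self.monitor.check_access(subj, self.objects[name], "write"):
            return False
        self.data[name] = contents
        return True


def demo() -> Dict[str, object]:
    """Run a few accesses through the monitor and return the outcomes."""
    rm = ReferenceMonitor()
    store = MediatedStore(rm)
    alice = Subject("alice", "SECRET")        # constructed subjects
    bob = Subject("bob", "CONFIDENTIAL")
    store.register(Obj("plan", "SECRET",
                       {"alice": {"read", "write"}, "bob": {"read", "write"}}),
                   "secret plan")
    store.register(Obj("memo", "CONFIDENTIAL",
                       {"alice": {"read"}, "bob": {"read", "write"}}),
                   "memo text")
    results: Dict[str, object] = {}
    results["alice_reads_plan"] = store.read(alice, "plan")     # permitted
    results["bob_reads_plan"] = store.read(bob, "plan")         # denied: read up
    results["alice_writes_memo"] = store.write(alice, "memo", "x")  # denied: write down
    results["bob_writes_plan"] = store.write(bob, "plan", "y")  # permitted: write up, ACL grants
    results["alice_reads_memo"] = store.read(alice, "memo")     # permitted: read down, ACL grants
    results["audit"] = list(rm.audit)
    return results


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The point of the store wrapper is complete mediation: no code path touches `data` without first calling `check_access`, which is the property a hardware reference monitor enforces by construction and a software one must establish by verification.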
An approach taken by system developers in response to Orange Book security criteria was to implement TCBs into existing hardware platforms rather than develop completely new hardware, because of the large amount of capital investment in existing computer hardware. This approach meant that the TCB had to be implemented in software, and due to the functional requirements of the TCB and reference monitor, large and complicated software systems were developed from the ground up. This meant that the developers had to develop operating systems and kernels with built-in security in order to produce systems that satisfied the Orange Book Criteria.
However, efforts to build TCBs in such a manner have shown that there are a number of problems with this approach, namely:
Implementation in software means that extra effort has to be made to provide assurance that the TCB will function correctly. Verifying the correct operation of the TCB has proven to be an extremely time consuming exercise and can even be considered impractical if the TCB is too large.
A system with a software TCB will be slower, since the TCB uses processor resources to perform security functions. Additionally, in an effort to reduce the verification requirements on the TCB, the size of the TCB can be reduced by eliminating some of the functionality, which in turn reduces the performance of the whole system.
The modification required in order to implement a TCB has in many cases been quite extensive. This has resulted in incompatibilities between existing software and the new secure operating systems, which reduces the usability of the TCB. The security functions imposed by the TCB are often viewed as too restrictive by the users, as they can obstruct the users performing even routine tasks.
Changes to a software implemented TCB require that the TCB be re-evaluated, and this makes it difficult to add functionality to the TCB incrementally.
Different approaches were tried for developing trusted systems, including implementing the reference monitor in hardware so as to avoid many of the problems inherent with software implementation. One prior art design is the US National Computer Security Center's Logical Coprocessing Kernel which is commonly known as LOCK. The LOCK project involved the development of a reusable hardware module called SIDEARM (System-Independent Domain-Enforcing Assured Reference Monitor) that could be fitted to a number of systems and implemented a hardware version of the reference monitor fun

