The dod program for interconnection of command center systems requirethe development of multilevel secure network components, such as packet switches, message switches and guard gateways. Previous security architectures of these components have been based on the secure operating system security kernel design approach developed for multi-user time sharing systems. For communications components, this has resulted in unnecessary complexity in the system security certification, and severe performance penalties in data throughput. The objective of this program is to demonstrated a new approach for a secure network componentarchietecture which separates the security functions from the operating system and processor protection mechanisms. The security referencemonitor is placed at the system i/o level and results in signfificantly lower cost and risk for certification of the security critical functions. A generalized embedded trusted function is provided, which is necessary to support the implementation of system unique guard type functions for the interconnection of command center systems. This capability also provides the trusted computing base required for the new nsa embedded encryption architecture protocol layers.
