
[infowar.de] Microsoft studying multilevel security desktops



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

http://computerworld.com/securitytopics/security/story/0,10801,83465,00.html

Microsoft studying multilevel security desktops

The effort is seen as critically important to homeland security and
information-sharing efforts 

By DAN VERTON 
JULY 25, 2003

Microsoft Corp. is working with the government in studying one of the
most pressing challenges in federal information security, one that is
critically important to future homeland security and information-sharing
efforts: multilevel security workstations. 

In testimony submitted to the House Armed Services Committee yesterday,
Microsoft Chief Security Strategist Scott Charney said Microsoft is
"actively engaged" with the defense and intelligence communities to
enable analysts from different agencies and with varying security
clearances to access multiple networks through a reduced number of
workstations. 

"One possible solution is to provide increased functionality and
usability through multiple windows on a workstation that would securely
access multiple networks in a compartmentalized fashion," according to
written testimony submitted by Charney during the hearing. "We are
actively engaged with the government on this important security topic
and are currently reviewing technical approaches." 

The national security community has been trying to develop and deploy a
so-called multilevel security workstation for years. Such workstations
would provide analysts who hold the appropriate security clearance and
have a need to know with the ability to access information across
databases that may be compartmentalized or "air-gapped" for security
reasons. It would also enable analysts who are not cleared for access to
the most sensitive information to still use the workstations. 

As was outlined in the report issued this week by Congress on the
intelligence failures that contributed to the Sept. 11, 2001, terrorist
attacks, intelligence and law enforcement agents have been
forced to use multiple workstations to access information that is at
different classification levels or belongs to different agencies. It is
a process that not only slows information sharing but often prevents it
altogether. 

During a presentation last month on the challenges of developing a
multilevel security system, Steve Lipner, a former Microsoft director of
security assurance, said previous efforts proved to be expensive,
cumbersome and limited in functionality. 

The alternatives being studied by Microsoft, however, include leveraging
new capabilities of the Windows XP Pro operating system and embedding
security in the network rather than in the end-user system. Central to
this effort is the use of virtual machines to access multiple security
domains -- something the company calls Trusted Multi-Net: Typhon XP,
named after a 100-headed giant from Greek mythology that was created to
kill Zeus. 

The goal is to build on National Security Agency (NSA) research using
virtual machines to provide separation of security domains on one
desktop. The effort currently uses VMware 3.02, which has already been
evaluated by the NSA. In addition, there are plans to add support for
Microsoft's Virtual Machine Monitor, according to Lipner's presentation
at a government IT security conference. 

Microsoft is also developing Typhon XP on Windows XPe (embedded), which
permits the removal of more operating system features for added
security.
