The lack of Multilevel Secure (MLS) computer systems within the Department of Defense (DOD) is recognized as a significant shortcoming. Past efforts to build secure computing environments have resulted in a multiplicity of single-level systems operating in system-high mode, with each system handling a single level of classified information. In addition to difficulties and inefficiencies in intercommunication, this results in significant data redundancy, overclassification, time delays, and the added expense of maintaining and operating redundant equipment. There have been several recent efforts to develop workable distributed computing environments. None of these has made serious inroads into addressing multilevel security. Part of this lack of progress is attributable to our lack of understanding of the impact of security as applied to a true distributed computing environment. The objective of this effort is to identify and analyze the functional capabilities required by a distributed computing environment capable of supporting heterogeneous processors performing real-time operations. The security threats to a distributed system will also be identified and analyzed. In addition, several existing distributed operating environments will be analyzed as possible candidates for designing a trusted distributed computing environment. Finally, some initial requirements for the design of a trusted distributed operating system will be developed.
Benefit: This effort will identify and analyze the processes, issues, and constraints associated with building trusted distributed operating systems. Such information would reduce the time and effort associated with developing MLS distributed systems, and with them the development costs. The technical report should aid those in the early stages of development by providing a comprehensive analysis of the issues involved.
Keywords: Computer Security, Operating System, Composability, Distributed Systems, Multilevel Security