2. Design the basic security controls as an integral part of the Multics system.
3. Provide a design which may be ex
ESD-TR-74-176
DESIGN FOR MULTICS SECURITY ENHANCEMENTS
J. Whitmore, A. Bensoussan, P. Green, D. Hunt, A. Kobziar, J. Stern
Honeywell Information Systems, Inc.
575 Technology Square
Cambridge, MA 02139
December 1973
Prepared For
DEPUTY FOR COMMAND AND MANAGEMENT SYSTEMS
ELECTRONIC SYSTEMS DIVISION
HANSCOM AIR FORCE BASE, MA 01731
LEGAL NOTICE
When U.S. Government drawings, specifications or other data are used for any purpose other than a definitely related government procurement operation, the government thereby incurs no responsibility nor any obligation whatsoever; and the fact that the government may have formulated, furnished, or in any way supplied the said drawings, specifications, or other data is not to be regarded by implication or otherwise as in any manner licensing the holder or any other person or conveying any rights or permission to manufacture, use, or sell any patented invention that may in any way be related thereto.
OTHER NOTICES
Do not return this copy. Retain or destroy.
This technical report has been reviewed and is approved for publication.
Services Center
FOR THE COMMANDER
FRANK J. E
, COLONEL, USAF
Director, Information Systems Technology Application Office
Deputy for Command & Management Systems
SECURITY CLASSIFICATION OF THIS PAGE (When Data Entered)
READ INSTRUCTIONS BEFORE COMPLETING FORM
REPORT DOCUMENTATION PAGE
1. REPORT NUMBER: ESD-TR-74-176
2. GOVT ACCESSION NO.
3. RECIPIENT'S CATALOG NUMBER
4. TITLE (and Subtitle): DESIGN FOR MULTICS SECURITY ENHANCEMENTS
5. TYPE OF REPORT & PERIOD COVERED
6. PERFORMING ORG. REPORT NUMBER
7. AUTHOR(s): J. Whitmore, A. Bensoussan, P. Green, D. Hunt, A. Kobziar, J. Stern
8. CONTRACT OR GRANT NUMBER(s): F19628-73-D-0087
9. PERFORMING ORGANIZATION NAME AND ADDRESS: Honeywell Information Systems, Inc., 575 Technology Square, Cambridge, MA 02139
10. PROGRAM ELEMENT, PROJECT, TASK AREA & WORK UNIT NUMBERS: Task 0004AA
11. CONTROLLING OFFICE NAME AND ADDRESS: Deputy for Command and Management Systems, Electronic Systems Division, Hanscom Air Force Base, MA 01731
12. REPORT DATE: December 1973
13. NUMBER OF PAGES: 93
14. MONITORING AGENCY NAME & ADDRESS (if different from Controlling Office)
15. SECURITY CLASS. (of this report): UNCLASSIFIED
15a. DECLASSIFICATION/DOWNGRADING SCHEDULE: N/A
16. DISTRIBUTION STATEMENT (of this Report): Approved for public release; distribution unlimited.
17. DISTRIBUTION STATEMENT (of the abstract entered in Block 20, if different from Report)
18. SUPPLEMENTARY NOTES
19. KEY WORDS (Continue on reverse side if necessary and identify by block number): computer security security access control, Multics, containment, operating system
20. ABSTRACT (Continue on reverse side if necessary and identify by block number)
The results of a 1973 security study of the Multics computer system are presented detailing requirements for a new access control mechanism that would allow two levels of classified data to be used simultaneously on a single Multics system. The access control policy was derived from the Department of Defense Information Security Program. The design decisions presented were the basis for subsequent security enhancements to the Multics system.
DD FORM 1473 (1 JAN 73), EDITION OF 1 NOV 65 IS OBSOLETE
Contents
1.0 Scope of the Security Design Analysis
1.1 Identification and Authority
1.2 Purpose
2.0 Applicable Documents
3.0 Security Requirements for Air Force Data Services Center
3.1 System Operating Environment Definition
3.2 Application of Security Controls to Multics
3.3 Process Clearance Assignment
3.4 Password Control
3.5 Information Channels Between Processes
3.6 Access to Segments
3.7 Access to Directories
3.8 Access to I/O Channels
3.9 System Processes and System Functions
3.10 I/O Daemon Control in a Secure Environment
3.11 System Control Process
3.12 Other System Processes
3.13 Crash Recovery
3.14 Operator Interface
3.15 Administrative Control
3.16 System Audit
3.17 Control and Audit of System Changes
3.18 The Multics GCOS Environment
4.0 Quality Assurance
5.0 Preparation for Delivery
6.0 Notes
6.1 Removable Media
6.2 Message Segments
Preface
This report documents the results of a 1973 study to identify a set of security enhancements for Honeywell's Multics operating system. These enhancements were derived from the Department of Defense Information Security Program. The purpose of these enhancements was to permit users of two different security levels to simultaneously access classified information stored on the Multics system at the Air Force Data Services Center