You are here


A Memoir of Secure Computing Corporation

Now that Secure Computing Corporation is a memory, having been acquired by McAfee, I'm going to write up a few memories of my own experiences. At one point I posted much of this in the appropriate Wikipedia entry, but that's actually not kosher. Since much of it is based on personal recollection, these words fall in line with what they call "original research." So I'm posting it here.


I joined Secure Computing about a year after it came into existence. It was called "Secure Computing Technology Corporation" at the time. By the time I left, they'd gone through three more company presidents, 4 corporate logos, several mergers, and bounced the corporate headquarters from Minnesota to Silicon Valley.

Cloud Computing Discovers Covert Channels

A SANS Handler Notebook entry by Toby Kohlenberg reports on data leakage in cloud computing, and links to a terrific paper from some UCSD/MIT people: Ristenpart, Tromer, Shacham, and Savage.

If we set the wayback machine to the early 1970s, we find a paper by Butler Lampson about something called the confinement problem. It's the same thing. Ristenpart et al pick up some of the threads (like noninterference) though their paper doesn't point all the way back to Lampson.

This is a hard problem to solve. The only defense right now is if attackers lack the motivation to exploit it.

Obama's Blackberry: An interesting problem

Marc Ambinder of the Atlantic recently blogged about alternative Blackberries that President Obama may carry. Some people might wonder why this is such a big deal. Ambinder notes that "Government Blackberries" can handle classified information "up to Secret" but that you need a Sectera Edge from General Dynamics to do anything (voice only) at Top Secret.

Words of the President are obviously valuable, whether voice or text. Even if we ignore spies, think about the interest they carry for news reporters, government contractors, political operatives, and other presumed patriots. So, to start with, we have to ensure that the President's words are only released when he decides to do so.

The government has established several strategies for protecting information assets. While we don't necessarily know what they're doing in the White House, we can make some educated guesses. The problems, and solutions, revolve around multilevel security, also called MLS.

Post category: 

Multilevel Security

I have moved some material about multilevel security (MLS) and 'cross domain systems' (CDS) onto this web site from my old Cryptosmith site. I've also included some brief comments on CDS. There is also a link to my MLS Introduction, which I will be updating and migrating to this site over the next few months.
Post category: 

Fred Cohen Shortcuts

Over the years, Fred Cohen has probably written more about information security on a broader range of subjects than any 3 other experts. He's posted a lot of it on his "" web site, which he's had since about the dawn of the World Wide Web. What the site lacks in pizazz it makes up for in content.

The only problem is that he doesn't put much attention into navigation. It takes patience to poke around and find what you want. I know he's had some classic papers on his virus work on-line, but I couldn't find them easily.

LOCK - A trusted computing system

The LOCK project (short for LOgical Coprocessing Kernel) developed a "trusted computing system" that implemented multilevel security. LOCK was intended to exceed the requirements for an "A1" system as defined by the old Trusted Computing System Evaluation Criteria (a.k.a. the TCSEC or "Orange Book").

Post category: 


Anderson, J.P. (1972). Computer Security Technology Planning Study Volume II, ESD-TR-73-51, Vol. II. Bedford, MA: Electronic Systems Division, Air Force Systems Command, Hanscom Field. Available at: (Date of access: August 1, 2004).

Bell, D.D. and L.J. La Padula (1974). Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306. Bedford, MA: ESD/AFSC, Hanscom AFB. Available at: (Date of access: August 1, 2004).

Wordpress tag: 
Post category: 


accreditation - approval granted to a computer system to perform a critical, defense-related application. The accreditation is usually granted by a senior military commander.

assurance - a set of processes, tests, and analyses performed on a computing system to ensure that it fulfills its most critical operating and security requirements.

Wordpress tag: 
Post category: 


Despite the failures and frustrations that have dogged MLS product developments for the past quarter century, end users still call for MLS capabilities. This is because the problem remains: the defense community needs to share information at multiple security levels. Most of the community solves the problem by working on multilevel data in a system high environment and dealing with downgrading problems on a piecemeal basis. While this solves the problem in some situations, it isn't practical others, like sensor to shooter applications.

Wordpress tag: 
Post category: 

Multilevel Networking

As computer costs fell and performance soared during the 1980s and 1990s, computer networks became essential for sharing work and resources. Long before computers were routinely wired to the Internet, sites were building local area networks to share printers and files. In the defense community, multilevel data sharing had to be addressed in a networking environment. Initially, the community embraced networks of cheap computers as a way to temporarily sidestep the MLS problem. Instead of tackling the problem of data sharing, many organizations simply deployed separate networks to operate at different security levels, each running in system high mode.

Post category: 


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer