LOCK – A Trusted Computing System

The LOCK project (short for LOgical Coprocessing Kernel) developed a “trusted computing system” that implemented multilevel security. LOCK was intended to exceed the requirements for an “A1” system as defined by the old Trusted Computing System Evaluation Criteria (a.k.a. the TCSEC or “Orange Book”).

The project was modestly successful in that we actually deployed a couple dozen systems in military command centers. A major design feature of LOCK was type enforcement, a fine grained access control mechanism that could tie access restrictions to the programs being run.

The work was performed at Secure Computing Corporation in Minnesota.

LOCK technology, particularly type enforcement, live on in two ‘children’ that still exist:

  • the Sidewinder Internet Firewall product line
  • the “SELinux” security enhancements to Linux

Here are links to papers about LOCK and the Standard Mail Guard (the deployed version of LOCK).