A Distributed Secure System

John Rushby and Brian Randell

Technical Report 182, Computing Laboratory, Newcastle University, UK; May 1983


We describe, in tutorial detail, the design of a distributed general-purpose computing system that enforces a multilevel security policy. The system is composed of standard UNIX systems and small trustworthy security mechanisms linked together in such a way as to provide a total system which is not only demonstrably secure, but also highly efficient and cost effective.

Each UNIX system provides services to a single security partition and operates at full speed; security-critical tasks are performed by separate, specialised processors. These security processors control access to the different security partitions and mediate information flow between them. They also provide a multilevel secure file system and a facility for dynamically changing the security partition to which each UNIX system is assigned. Extensions to support controlled downgrading and multilevel objects are described as well.

Despite the sophistication of the overall system, individual security processors employ only very simple, straightforward mechanisms; their construction and verification requires no more than already established technology. And despite the heterogeneity of its components, the system as a whole appears to be a single multilevel secure UNIX system, since the fact that it is actually a distributed system is completely hidden from its users and their programs. This is achieved through the use of the "Newcastle Connection", a software subsystem that links together multiple UNIX or UNIX-look-alike systems, without requiring any changes to the source code of either the operating system or any user programs.

A first prototype system, providing multiple security partitions, and a multilevel secure file system, has already been successfully demonstrated - construction of a much more complete prototype is now planned.


 *NEW* This is a scanned copy, so the file size is rather large (7MB) scanned PDF

This is a longer version of a paper published in IEEE Computer July 1983 and selected as a Classic Paper for ACSAC 2007.

BibTeX Entry

	AUTHOR = {John Rushby and John Rushby},
	INSTITUTION = {Computing Laboratory, University of Newcastle
		upon Tyne},
	TITLE = {A Distributed Secure System},
	YEAR = 1983,
	MONTH = may,
	ADDRESS = {Newcastle upon Tyne, UK},
	NUMBER = 182

Having trouble reading our papers?
Return to John Rushby's bibliography page
Return to the Formal Methods Program home page
Return to the Computer Science Laboratory home page