Finding
Paper
Abstract
This paper describes a possible architecture for an MLS-secure distributed system based on a client/server model of interaction between components, and argues that a system with such an architecture can meet high levels of assurance using the same models and practices as existing stand-alone systems. The scope of the paper is limited to the label-based Mandatory Access Control Policy described in the U.S. Department of Defense Trusted Computer Security Evaluation Criteria (TCSEC) [DOD85], along with a number of supporting policies needed to support the mandatory policy. Mandatory policy enforcement was chosen as the topic for this paper in the belief that demonstration of composite trusted systems should proceed first with simple policies, and then later be extended to include other policies such as discretionary controls and availability.
Authors
Jon Fellows
Journal
ACM SIGSAC Review