SECURITY TECHNIQUES FOR EDP OF MULTILEVEL CLASSIFIED INFORMATION

Abstract

Abstract : The study objective was to develop hardware and software techniques for security (need-to-know) control of on-line users and programmers in multiprogramming, multiprocessing EDP systems of apparent future development. Hardware techniques recommended include: (1) processors having two modes of operation, interrupt entry into control mode in which privileged instructions are executable, flag bits for identification and control of memory words, and address checks against access-differentiated memory bounds; (2) parity checks on intermodule information transfers; (3) input/output control processors which establish and verify peripheral unit connections, check memory addresses against bounds, and confirm security content of record headers being transferred; and (4) bulk file control of physical record integrity, and lock control over write permission and flag bit setting to permit supervisor establishment of control programs. Software techniques reside in the executive control program and are executed in control mode and identified by flag bits. Security routines are described and evaluated which construct, protect, and check access requests against user security control profiles, verify memory bounds and memory blanking, and provide security indicators for input/output. The integrated techniques are applied to control users and system programmers in an advanced modular system.