SPARTA ISSO

Finished Projects

Secure Execution Environments

DTE Projects Overview

The goal of this project is to develop better software technology for protecting DoD and civil sector computer systems from the effects of malicious attacks and certain kinds of programming errors. Under HPCC funding, we are developing DTE, a powerful and practical access control technology, and have constructed a demonstration prototype that is capable of the following:

  • Enforcing organization-specific role-based security policies described via an automated security description language;
  • Controlling local area network (LAN) communication between programs in dedicated distributed systems like those used in DoD and preventing erroneous messages (e.g., weapon release commands) from being generated and processed;
  • Improving the penetration resistance of the UNIX operating system in a fundamental way;
  • Interoperating with existing data, UNIX programs, LANs, and file servers; and
  • Functioning in combination with Trusted Mach, a highly secure operating system for protecting classified information.

This project began in May 1992 and will be completed in May 1996. It involves collaboration with TIS's Trusted Mach development efforts funded by ARPA and NSA and interactions with researchers at the Johns Hopkins Applied Physics Laboratory who are investigating future technologies for Navy combat system computers under the ARPA HyperD project.

Our plans for this project and an anticipated follow-on contract include the following:

  • Adding additional features to the prototype, including security description language features to detect inconsistencies and probable errors in DTE security configurations;
  • Developing larger-scale demonstration applications to further validate the applicability of DTE to real-world information processing problems; and
  • Integrating DTE mechanisms into Internet "firewalls" to strengthen the firewalls and make them capable of more intelligent filtering of traffic exchanged between a local area network and the Internet.

DTE Projects:
DTE For Distributed Object Control
Access Control For Distributed Systems
Internet Safety Through Type-Enforcing Firewalls

DTE DARPA/ITO Project Summaries
Domain and Type Enforcement DARPA/ITO Project Summary