Design and implementation of multilevel security architectures

Abstract

The problem of securely storing and processing sensitive data is paramount in many sectors. But ICT Security is not a Defense prerogative. Events like Vatileaks and Panama Papers, after Snowden's disclosures, brought to prominence the information security problem. We live in a world that requires from us to be always-on, always-connected. Technological progress and the need to process and share always bigger amount of data led to the inception of distributed systems, smart sensors/networks, cloud computing etc. and transformed the Internet in a high bandwidth medium. We are surrounded by devices and use applications that track and collect our personal information that should be properly protected. Sensitive data should be accessed only by people with valid authorizations and with a specific need-to-know that could affect only a specific subset of data necessary to perform some operations. The requirement to protect information characterized by a hierarchy of sensitivity levels led to the definition of Multilevel Security. In the last years a new paradigm called Multiple Independent Levels of Secu- rity/Safety (MILS) seems to be able to effectively address the problem. This thesis illustrates the design and the implementation of Multilevel Security Archi- tectures. We pinpointed the drawbacks of the currently proposed solutions and analyzed the problem from different perspectives: high-assurance security requirements, certi cation according to international schemes, and performance. We proposed an innovative MILS Distributed Architecture and implemented a specific MILS component that enforces the security policy of connecting domains characterized by different classification level information. We also faced the multilevel-related covert channel problem proposing a novel detection algorithm and building an open source covert timing channel in order to evaluate its performance.