A variety of solutions have evolved to provide and maintain the security of private information. For example, communication security (COMSEC) has evolved to protect information being communicated over unsecured communication channels. Generally speaking, COMSEC provides encryption and decryption standards along with the management of cryptographic keys/security certificates used in encryption and decryption processes and communication of private signals over unsecured communication channels.
An alternative field of computer security (COMPUSEC) has evolved to protect computer-processed information. COMPUSEC provides trusted applications that maintain separation of data having different security attributes within a computer system. Trusted/secure applications performed by computers tightly manage the users who may access the applications, provide audit trails and limit the types of activities performed to those for which security can be maintained. An underlying assumption of COMPUSEC is that protected computer processing takes place within a secure area and that other procedures are enacted to limit access to the computer and its data.
Modern computing trends are leading to increased computer networking so that data may be shared between computers. An increasing number of highly valuable applications are being developed specifically for networked use. However, prior art networking technology violates the basic premises upon which COMPUSEC is founded.
COMSEC provisions might be employed to allow networking of secure computers over unsecured data channels. Simple porting of COMPUSEC data to a COMSEC system would not work. A weak security interface exists at the point where secure information passes between a COMPUSEC protected system (e.g., a computer) and a COMSEC protected system (e.g., a communication channel). At this point, opportunities exist for security violations (e.g., releasing confidential or classified information to an unauthorized entity).