This invention relates to a secure computer workstation and more particularly to a computer workstation whereby information can be processed locally and retrieved and stored both locally and remotely with reliable security in a window display environment.
There is a growing need for securely interconnecting data processing systems, particularly for use in government applications. Network security technology, together with local area network (LAN) technology, allows powerful workstations on a local area network to intercommunicate securely among themselves and with mainframe computers. However, in order that workstations may qualify for security sensitive applications, each workstation must operate according to modes which satisfy certain security requirements. Types of security requirements are found in the standard reference DoD Trusted Computer System Evaluation Criteria, CSC 5200.28-STD, Dec. 1985 (approx. 50 pp). Often such modes require that compartmentalized data be internally separated.
Important to an understanding of a computer workstation is a window display environment. The window display environment is based on the concept of a process. A process is an independent unit of activity or operation on behalf of a specific system user or on behalf of the system itself. A process can be thought of as a program in execution. However, different users running the same program can have different processes running that program, and a single user running different programs, or the same program multiple times, can have different processes running those programs. A window idiom is a tool for displaying multiple processes essentially simultaneously. Certain processes must be protected to assure the integrity and security of information. Data input which causes a change in the content of the database, and information transfer in a multilevel security environment, are two particularly sensitive examples of actions requiring restrictive control.
In the past, one of the main obstacles to development and application of a secure computer system has been the availability of so called "trusted software". In a security sensitive environment, it has been accepted that software must be verified as trusted. However, verifying software is a very lengthy and costly process which may not lead to the level of assurance sought.
An ideal secure computer system prevents unauthorized disclosure of information. Such a system demands that processes at different security levels be isolated from each other, both during processing and when displayed on the workstation.
In the past, the problem of implementing such a security system has been directed primarily to the development or modification of operating system software. Following such an approach, it is necessary that software be testable to verify security. Moreover, the application software used with such software operating systems must be shown not to allow or cause a breach in security.
The present invention represents a departure from methods relying on use of security-qualified software, enabling the use of general purpose software and generally-available components of commercially available computers and computer workstations. The exact implementation of the invention will be outlined hereinafter.
The following patents were uncovered in a search of the United States Patent and Trademark Office:
U.S. Pat. No.    Inventor
4,484,302        Cason et al.
4,642,790        Minshull et al.
4,644,496        Andrews
4,646,261        Ng
4,648,061        Foster
The above patents disclose display window systems of various types. The '302 patent describes a text processing system which is divided into virtual displays, each of which permits independent processing of operator interface to the system. The system requires the use of a single central processor for controlling operation of the apparatus in connection with a partitioned memory and a display access method program for running a plurality of service programs. No attention has been given to the problem of providing multilevel security.
The '496 patent describes a computing network and apparatus for routing and transferring information in the computing network. No attention has been directed to the problem of multilevel security.
The '790 patent describes an interactive display system for presenting data to a user through windows on the display. A screen manager is employed to map the data contained in defined windows into locations on the screen determined by corresponding positions of viewports. No attention has been directed to the problem of multilevel security.
The '261 patent relates to a local video controller for use in connection with a video terminal including a terminal processor in a video memory for storing video information for displaying on a terminal screen. The local video controller includes a change detect circuit to send updated video information to the video memory at the terminal. No attention has been directed to the problem of multilevel security.
The '061 patent relates to an electronic document distribution network and the problem of the dynamically variable nature of a distribution network in providing document interchange protocols between any two processors in the network. No attention has been directed to the multilevel security problem.