Modern interconnected computer systems handling classified information can be built using mainstream COTS software platforms. The technique provides each user with a private desktop in which to work, along with services for sharing data. Within a desktop, the user is helped to label their data. When data is shared, labelling prevents accidental compromise, but other measures defend against other forms of compromise.
Purple Penelope is a prototype that extends Windows NT security to support this approach. It adds discretionary labelling, easy to use role based access controls and effective Accounting and Audit measures to shared files.