Simple Assured Bastion Hosts

Chris Cant & Simon Wiseman

It is shown how Compartmented Mode Workstation (CMW) technology can be used as the basis of simple assured firewalls, where the vast majority of the evaluation effort required is reused from the evaluation of the CMW.

The generic bastion host architecture described provides E3 assurance that the unevaluated proxies cannot be bypassed. Assurance that the inappropriate export of information is prevented can be gained by extending a trusted path export sanction from the user's desktop to an evaluated release checker in the firewall.