⟦60eb74923⟧

WangText

te than normal transmission speed.

TDG Test Data Generator

     Validation         The act of checking a message for
                        validity.

     Message, Legal     A message which is allowed to pass
                        the security filter.

     Message, Illegal   A message which is not allowed o
                        pass the security filter.

     Message, Validated A message which has been subject
                        to
                        validation.

     Message, Accepted  A message which by the validation
                        has been found to be legal.

     Message, Rejected  A message which by the validation
                        has been fund to be illegal.

     Message, Logged    A rejected message which has been
                        written onto the logging medium.

     Message, Suspended A message which by its type or contents
                        or otherwise demands operator assisted
                        validation and hence has been stored
                        fo this purpose.

                2  S̲U̲M̲M̲A̲R̲Y̲ ̲O̲F̲ ̲R̲E̲Q̲U̲I̲R̲E̲M̲E̲N̲T̲S̲

2.1      S̲Y̲S̲T̲E̲M̲ ̲D̲E̲S̲C̲R̲I̲P̲T̲I̲O̲N̲

         The Security Filter is an electronic device (computer)
         placed on a point-to-point communication line connecting
         two ADP-sysems of unequal security classification,
         with
         the purpose of filtering the message traffic, i.e.
         to withhold messages which for security reasons are
         not allowed to pass the subject communication line.

         The security filter operates on traffic both ays but
         with different filter characteristics.

         The messages which shall be withheld are not only those
         which are classified higher than the receiving ADP-
         system but also messages containing information outside
         the receiving system's scope of "ned to know".

         To achieve this goal it is necessary to provide full
         and positive description of this "need to know", so
         that the security filter will only allow messages to
         pass if they are positively identified as containing
         only such information.

                          Alert

             ADP         Security         ADP
             System      Filter           System


                                Log

         Fundamentally, the security filter is aimed at automated
         operation without any human intervention. This requires,
         however, that the traffic consists solely of well structured
         messges with a predictable set of contents. If the
         traffic on a line is expected to also contain unstructured
         messages or free text, which cannot be automatically
         analyzed, human support may be introduced as an option.

         Even though the concept of a seurity filter originally
         is aiming at a separate filter for each point-to-point
         line it may be considered to develop a multiline security
         filter, or to share hardware, software, or peripherals
         among a number of security filters, to achieve cost
         effetive operation. The design of such a multiline
         system would need to provide for the additional security
         required to keep messages separate and to ensure their
         proper delivery.

2.2      S̲Y̲S̲T̲E̲M̲ ̲F̲U̲N̲C̲T̲I̲O̲N̲S̲

2.2.1    F̲i̲l̲t̲e̲r̲ ̲F̲u̲n̲c̲t̲i̲o̲n̲s̲

         The filter characterstics are implemented by means
         of a definition of all legal messages and their contents.
         The security filter software (computer programs) shall
         be so constructed that any foreseeable change in message
         structure and contents can be handled without mdification
         of the software.

         As a consequence of the definition of all legal traffic,
         any message traffic deviating from the definition shall
         be considered illegal and handled in accordance with
         that condition.

         Illegal messages shall be logged b the security filter
         and may not be transmitted from the filter. In case
         of frequent traffic of illegal messages (frequency
         exceeding a prespecified maximum) an audible alert
         shall be sounded in order to inform the security officer
         of this fact.

         To expand the useful scope of the security filter to
         encompass lines where the traffic will contain messages
         too complex for automatic validation operator communication
         facilitiescan be added. This will allow for human validation
         of for instance free text messages. However, message
         types or message contents demanding human validation
         shall be defined to the filter. The display of a message
         for an operator must never be trigered by the fact
         that the message is considered illegal by the automatic
         validation.

2.2.2    A̲u̲x̲i̲l̲i̲a̲r̲y̲ ̲F̲u̲n̲c̲t̲i̲o̲n̲s̲

         The security filter shall be operative without any
         human intervention, and it shall be possible to modify
         neither software nor messaes on site while the filter
         operates.

         Hence, any authorized modification must be performed
         off-line and installed afterwards on the filter site
         following a prespecified procedure.

         The following auxiliary functions to be performed off-line
         have een identified:

2.2.2.1  S̲o̲f̲t̲w̲a̲r̲e̲ ̲P̲r̲o̲d̲u̲c̲t̲i̲o̲n̲ ̲a̲n̲d̲ ̲M̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲

         The computer programs necessary to perform the security
         filter functions must be analyzed, planned, documented,
         coded, compiled, tested and verified.

         Since the security filter by it

DataMuseum.dk

CR80 Wang WCS documentation floppies

⟦60eb74923⟧ Wang Wps File

Derivation

WangText