A design comparison between IPv4 and IPv6 in the context of MYSEA, and implementation of an IPv6 MYSEA prototype

O'Neal, Matthew R.

06 1900

Approved for public release, distribution is unlimited / Internet Protocol version six (IPv6), the next generation Internet Protocol, exists sparsely in today's world. However, as it gains popularity, it will grow into a vital part of the Internet and communications technology in general. Many large organizations, including the Department of Defense, are working toward deploying IPv6 in many varied applications. This thesis focuses on the design and implementation issues that accompany a migration from Internet Protocol version four (IPv4) to IPv6 in the Monterey Security Enhanced Architecture (MYSEA). The research for this thesis consists of two major parts: a functional comparison between the IPv6 and IPv4 designs, and a prototype implementation of MYSEA with IPv6. The current MYSEA prototype relies on a subset of Network Address Translation (NAT) functionality to support the network's operation; and, due to the fact that IPv6 has no native support for NAT, this work also requires the creation of a similar mechanism for IPv6. This thesis provides a preliminary examination of IPv6 in MYSEA, which is a necessary step in determining whether the new protocol will assist with or detract from the enforcement of MYSEA policies. / Ensign, United States Navy

Computer network protocols

Computer networks

Security measures

MYSEA

IPv4

IPv6

MLS

IP next generation

Multilevel security

Network address translation

NAT

Remote application support in a multilevel environment

Cooper, Robert C.

03 1900

Approved for public release, distribution is unlimited / The use of specialized single-level networks in current military operations is inadequate to meet the need to share information envisioned by the Global Information Grid (GIG). Multilevel security (MLS) is a key Information Assurance enabler for the GIG vision. The Monterey Security Architecture (MYSEA), a distributed MLS network, eliminates the need to use separate equipment to connect to many networks at different classification levels. It allows users to view data at different sensitivities simultaneously. MYSEA also allows commercial software and hardware to be used at clients. To address the threat of residual data on the client after a user session change in security state, the MYSEA clients are required to be "stateless", i.e., there is no non-volatile writable memory. Hence the MYSEA server must provide the clients with the ability to execute server-resident client-side applications to access data at different security levels over the MLS Local Area Network (LAN). The MYSEA server currently does not support such capability. This thesis addresses this limitation. A new trusted process family is introduced to provide a pseudo-socket interface for the single level remote application to access the MLS LAN interface. Detailed design specifications were created to facilitate implementation of the remote application support. / Lieutenant, United States Navy

Computer security

Local area networks (Computer networks)

Security measures

Multilevel Security (MLS)

Information Assurance (IA)

Monterey security architecture (MYSEA)

Client-side remote application

Trusted remote session management