Secure Computing Starts with a Trusted Operating System (OS)
PitBull is a multilevel security (MLS) software package that modifies and enhances the OS for trusted functionality and high assurance.
What does PitBull Do?
Prevents any bug in any program from damaging the system
Controls what network resources can be used by each program
Limits user and administrator accounts
Enforces a security policy on a system of malicious software
PitBull Foundation Suite
PitBull adds a fundamental layer of security to ensure integrity at all levels of operations.
Installs as an upgrade to the operating system
Isolates applications, network interfaces, data, and users using automatically validated security configuration – does not rely on a complex rule set for isolation.
Prevents exploitation of bugs in any one program from damaging the entire system
Controls network resources usable by each program
Controls and limits all user and administrator accounts – using least privileges. Eliminates superuser vulnerabilities
Allows for the development of flexible, ironclad security architectures
Exceeds LSPP (EAL4+) Common Criteria Requirements
Provides Bell-LaPadula based MAC (mandatory access controls)
Sensitivity labels are enforced at the kernel level
Supports Biba model MIC (mandatory integrity control) based labels
Provides user and process clearances
Supports roles and authorizations
Uses Poly-instantiated MLS network ports and labeled packets
Enforces two-man/four-eye login authentication
Allows for dual operational/configuration system modes of operation
System integrity checks and integrity databases
Disambiguated security mechanism protects critical Trusted Computing Base files and services
Supports Labeled printing with MAC controls
Enhanced and protected audit records
PitBull Foundation Suite
Building on PitBull Foundation, PitBull Foundation Suite allows commercial and custom software to be easily configured into trusted, sophisticated network architecture, securing utilities, tools, and scripts.
Streamlines architectures, improves performance, and reduces costs and manpower requirements
Allows users to securely access back-end applications via the Internet
Modular approach allows software to be tailored to a specific customer’s environment
Secure Communications Enforcer Tightly integrated trusted programs that passes packets between different security partitions. Examines each incoming request and, if validated, directs it to the appropriate service.
Security Gate Trusted software component that mediates limited, secure communication between applications or utilities in separate compartments, without allowing direct access to each other’s files.
Secure CGI Module Feature that isolates the CGI functionality of a web server from the web server itself. A security flaw in a CGI script can’t be used to modify the server, the HTML pages, or the CGI files.
Secure Authentication Module Places the authentication responsibilities of the Web server into its own compartment in order to restrict access to the sensitive information typically used in the user authentication process.
Secure Program Launcher Allows users without powerful authorizations to execute programs that operate at a high level of security, but only in a limited predefined manner.