Purple Penelope was a demonstration secure system created by the Defence Research Agency (DRA) in the UK. Its aim was to show that the security functionality of Windows NT could be extended to support users handling classified information.
Purple Penelope [1] implemented the Domain Based Security model [2] [3] which was developed for the UK Ministry of Defence by DRA to take advantage of using Commercial Off The Shelf (COTS) software to implement secure systems.
Within a security domain, access controls are designed to stop users from accessing material without a need-to-know and to prevent them from making mistakes when handling classified data. Controls over sharing information between security domains are more stringent: they defend against attacks and hold users to account for their actions. The model calls for discretionary security labelling and role-based access controls within a domain, and for user-sanctioned release of information from the domain coupled with application-oriented accounting and audit. [4]
Purple Penelope extended Windows NT and the Microsoft Office application suite. [5] The main features were a system of discretionary labelling and a trusted path for authorising security critical actions.
The discretionary labelling mechanism added security labels to files, application windows and the clipboard. The user's desktop display was augmented with a stripe across the top of the screen. This showed the security label of the application window that had focus and the security label of the clipboard. When data was copied to the clipboard the clipboard label was set to that of the source application window. When data was copied from the clipboard the destination application window's label "floated up" to the label of the new data. The user was free to change the label of a window or the clipboard at any time.
Users also had access to a shared file store. Files in the shared file store were labelled, and when a file was opened by an application the application's window label was set to that of the file. The shared file store could not be written directly by an application. The user was able to copy files to the shared file store, but they were required to confirm the action using a trusted path interface that was inaccessible to applications.
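The labelling behaviour described above can be made concrete with a small model. The following Python is an added example written for this page, not Purple Penelope's own code: it assumes a simple linear label ordering (UNCLASSIFIED through SECRET, which the page does not specify), names such as `Desktop`, `join` and `TrustedPathRequired` are hypothetical, and the trusted path is modelled as a confirmation callback that only the user-facing trusted component, not the application, supplies.

```python
"""Toy model of Purple Penelope style discretionary labelling (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed label ordering, lowest to highest. This is an assumption for
# the example; the page does not give Purple Penelope's actual label set.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def join(a: str, b: str) -> str:
    """Least upper bound of two labels: the label that data 'floats up' to."""
    return a if RANK[a] >= RANK[b] else b


class TrustedPathRequired(Exception):
    """Raised when a write to the shared store is not confirmed by the user."""


@dataclass
class Desktop:
    windows: Dict[str, str] = field(default_factory=dict)   # window -> label
    clipboard_label: str = "UNCLASSIFIED"
    clipboard_data: str = ""
    focus: Optional[str] = None
    # Shared file store: filename -> (label, content). Never written by apps.
    shared_store: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def open_window(self, name: str, label: str = "UNCLASSIFIED") -> None:
        self.windows[name] = label
        self.focus = name

    def stripe(self) -> str:
        """The top-of-screen stripe: focused window label plus clipboard label."""
        win = self.windows.get(self.focus, "-") if self.focus else "-"
        return f"WINDOW:{win}  CLIPBOARD:{self.clipboard_label}"

    def set_window_label(self, name: str, label: str) -> None:
        """The user may relabel a window at any time (the labelling is discretionary)."""
        self.windows[name] = label

    def copy(self, name: str, data: str) -> str:
        """Copy to the clipboard: the clipboard label becomes the source window label."""
        self.focus = name
        self.clipboard_data = data
        self.clipboard_label = self.windows[name]
        return self.clipboard_label

    def paste(self, name: str) -> str:
        """Paste from the clipboard: the destination window label floats up."""
        self.focus = name
        self.windows[name] = join(self.windows[name], self.clipboard_label)
        return self.windows[name]

    def open_file(self, name: str, filename: str) -> str:
        """Opening a labelled shared file sets the window label to the file's label."""
        label, _content = self.shared_store[filename]
        self.focus = name
        self.windows[name] = label
        return label

    def save_to_shared_store(self, name: str, filename: str, content: str,
                             confirm: Callable[[str], bool]) -> str:
        """Copy a window's content into the shared store.

        `confirm` stands in for the trusted path dialogue. In the real system it
        was inaccessible to applications; here it is a callback the user-facing
        trusted component supplies, and the write proceeds only if it returns True.
        """
        label = self.windows[name]
        if not confirm(f"Write {filename} to shared store at {label}?"):
            raise TrustedPathRequired(filename)
        self.shared_store[filename] = (label, content)
        return label


def demo() -> Desktop:
    """Copy from a SECRET editor into an UNCLASSIFIED mail window, then release the file."""
    d = Desktop()
    d.open_window("editor", "SECRET")
    d.open_window("mail", "UNCLASSIFIED")
    d.copy("editor", "project plan")      # clipboard label becomes SECRET
    d.paste("mail")                       # mail window floats up to SECRET
    d.save_to_shared_store("mail", "plan.txt", "project plan", confirm=lambda msg: True)
    return d
```

The float-up rule is what stops a paste from silently downgrading data: the destination window can only rise to the clipboard's label, never fall below it, and the stripe makes both labels visible so the user can see the consequence before acting.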
The software created by the Purple Penelope project was licensed to Argus Systems where it was developed into a product called Deep Purple. [6] [7]
The software also laid the foundation for QinetiQ's SyBard Suite product. [8] [9]
The work on the cross-domain guard led to the production of DERA's SWIPSY firewall toolkit. [10] [11]
Purple was derived from the colour associated with joint operations in the UK MOD at the time. [12]
Penelope was the name of the wife of Odysseus who tricked her suitors by weaving a burial shroud during the day and unpicking it at night. This slow progress was thought to reflect the state of secure system development at the time.