From the thesis abstract: "Computer systems employed in the Department of Defense (DoD) for processing classified electronic mail (email) generally operate at the highest classification level of the data being processed. These system high implementations cause two significant problems: all users must be granted unnecessarily high security clearances, and separate, incompatible workstations and networks exist for users to process classified data at different security levels. To solve these problems a System/Subsystem Specification (SSS) and a System Security Engineering (SSE) approach has been used to design a High Assurance, Multilevel Secure Mail Server (HAMMS). This thesis presents the architecture, mailing capabilities, and required design characteristics necessary to develop a high assurance mail server. Existing high assurance and information security systems are analyzed to identify related design advantages and disadvantages for a high assurance mail sever. Also included is the initialization, adaptation, and employment of a media encryption device and associated software that will be adapted to extend secure mail operations to a Commercial-Off-The-Shelf (COTS) workstation. The result of the research is a system design that can be employed to provide a high assurance multilevel email server and a reduction in the number of workstations, incompatible networks, and user clearances required in secure environments. In the future, the HAMMS design can be used as the basis for other high assurance server applications."
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/