Business processes between companies often require the exchange of sensitive data and documents (e.g., financial accounting, patent motions, technical cooperation), whose usage is regulated by contracts (e.g., through secrecy acknowledgements). Company-internal protection measures are essential as well, to prohibit access to documents outside the desired workflow, e.g., to prevent employees from reading or distributing sensitive documents.
Existing computing platforms cannot securely handle labeled documents, because users can circumvent control mechanisms by using available functions for their own purposes or by exploiting known security holes in existing software components. Many security problems occur because companies or public departments are not able to prevent their users from (accidentally or purposely) breaking the security policies. Users are able to install software components on their own or otherwise manipulate the IT system, which leads to potential security gaps, e.g., through viruses, Trojan horses, worms and configuration errors.
Since the PERSEUS security kernel securely isolates applications from each other, permissions can, in the sense of Compartmented Mode Security (CMS), be individually assigned to subsets of applications and services. A common example is to install several instances of a legacy operating system in parallel such that each instance runs a different set of applications (see Figure 1).
Figure 1: Realization of a Compartmented Mode Workstation using several isolated instances of a legacy operating system (e.g., Linux).
This way, applications that for security reasons commonly have to be installed on separate hardware platforms can share a single platform, resulting in more cost-effective installations.
Instead of strictly isolating different compartments from each other, security services can be used that enforce more complex security policies. This is the basis for the realization of a Multi-Level Security (MLS) system that is tailored to practical conditions (see Figure 2).
Figure 2: Realization of a Multi-Level Security (MLS) system by using a data pump (blue) that ensures that information flows in one direction only.
Isolated applications (e.g., different instances of a legacy operating system) can only communicate through a security-critical service enforcing a security policy. An example would be the realization of a data pump that allows information flows in one direction only, in order to realize a Bell-LaPadula security policy. Existing MLS solutions have so far not been satisfactory because of their high complexity or their inefficient configuration (strictly separated hardware).
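As an added illustration, not code from PERSEUS or from the original text, the following Python model shows the data pump of Figure 2 as the single policy enforcement point between isolated compartments. The level names, the need-to-know categories, the compartment names and the messages are constructed for this example; the page itself only states that flows go in one direction. The pump treats every transfer as a write by the source and a read by the destination and allows it only when the destination label dominates the source label, which is exactly what Bell-LaPadula's simple security property (no read up) and *-property (no write down) require, and it records every denied attempt for audit.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Constructed, totally ordered sensitivity levels (assumed for this example).
LEVELS: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    """Security label: a sensitivity level plus a set of need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level AND a superset of the categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


@dataclass
class Compartment:
    """An isolated compartment (e.g. one legacy OS instance) with a fixed label."""
    name: str
    label: Label
    inbox: List[str] = field(default_factory=list)


class DataPump:
    """One-way channel between compartments enforcing Bell-LaPadula.

    A transfer from src to dst is a write by src and a read by dst. It is allowed
    only if dst's label dominates src's label: dst never reads up (simple security
    property) and src never writes down (*-property).
    """

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str]] = []  # (src, dst, decision)

    def transfer(self, src: Compartment, dst: Compartment, data: str) -> bool:
        if dst.label.dominates(src.label):
            dst.inbox.append(data)
            self.audit.append((src.name, dst.name, "ALLOW"))
            return True
        # Denied flow: nothing is delivered, only the attempt is recorded.
        self.audit.append((src.name, dst.name, "DENY"))
        return False


def demo() -> Dict[str, object]:
    """Run the constructed scenario and return the observable outcome."""
    low = Compartment("linux-public", Label("public"))
    finance = Compartment("linux-finance", Label("confidential", frozenset({"finance"})))
    high = Compartment("linux-secret", Label("secret"))
    pump = DataPump()

    results = {
        "up": pump.transfer(low, high, "press release"),       # allowed: flows upward
        "down": pump.transfer(high, low, "board minutes"),     # denied: no write down
        "category": pump.transfer(finance, high, "ledger"),    # denied: 'secret' lacks 'finance'
        "same": pump.transfer(high, high, "internal note"),    # allowed: equal labels
    }
    return {
        "results": results,
        "high_inbox": list(high.inbox),
        "low_inbox": list(low.inbox),
        "audit": list(pump.audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The third transfer shows why the check is a lattice comparison rather than a plain level comparison: a compartment at a higher level that lacks a category the source carries is not allowed to receive its data, so need-to-know is enforced alongside the sensitivity ordering. In a real deployment the pump, like the PERSEUS security service it stands for, must be the only path between the compartments; the model assumes that isolation rather than providing it.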