Home Research Education Publications Activities Resources About Me

D-Opdracht : Implementing Multi Level Security using a plublic key infrastructure




Edward Stempel  Dr. J.-H. Hoepman


At Philips Crypto B.V. a pilot project will be started in order to set up a Public Key Infrastructure based on Trusted Third Parties and X.509.v3 in a hierarchical organisation that uses Multi Level Security. For his thesis at Philips Crypto B.V, Edward Stempel will investigate the possibilities of a Multi Level Security (MLS) environment, and how a Public Key Infrastructure (PKI) can be brought into action to support MLS.

A model will be developed for implementing a PKI that supports MLS. This model should deal with the constraints imposed by the PKI pilot. The existing security model for the Philips Products Vkaart and VPN-Guard are the basis for these constraints.

In particular, the following topics will be investigated: What different models of MLS are known? And which models are most Appropriate to fit the PKI-pilot at Philips Crypto. Research has to be done if and how the X.509v3 standard certificates can be used for MLS. A question to be solved is whether the users' access rights should be stored in the certificate or whether another solution should be used. Issues that also have to be considered are key (or certificate) revocation, key recovery, role based security levels and non-repudiation.


Edward Stempel: "Multi Level Security in a Public Key Infrastructure", Master Thesis, February 2000. PostScript document



Supervisory committee

Philips Crypto B.V.  Mei 1999 - December 1999 
  • Dr. J.H. Hoepman
  • Prof. Dr. S.J. Mullender
  • Prof.dr. Ir. C.J. A. Jansen
  • Drs. J.R. Brands mtd
  • PhD. A. Helme

Last Version -
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman
Email: jhh@cs.ru.nl