This paper traces the ten plus year history of the Naval Research Laboratory’s Pump idea. The Pump was theorized, designed, and built at the Naval Research Laboratory’s Center for High Assurance Computer Systems. The reason for the Pump is the need to send messages from a “Low” enclave to a “High” enclave, in a secure and reliable manner. In particular, the Pump was designed to minimize the covert channel threat from the necessary message acknowledgements, without penalizing system performance and reliability. We review the need for the Pump, the design of the Pump, the variants of the Pump, and the current status of the Pump, along with manufacturing and certification difficulties.
Myong H. Kang, Ira S. Moskowitz, Stanley Chincheck