The Future of Retinal Scanning in the Information Technology Security Field
Abstract
A retinal scan is a biometric technique that uses the unique patterns on a person's retina to identify them. It is not to be confused with another ocular-based technology, iris recognition. The human retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person's retina is unique. This paper proposes a design that is based on the idea that the true identity of a user is hidden from the processes which act on his/her behalf. Retina is used to ensure that processes are given only the information they need in order to carry out the tasks for which they were intended. The design should reduce the use of covert storage channels in multilevel secure relational database systems.
Table of Content
Capstone Proposal Summary4
Review Of the Other Work6
Basic Concepts6
Multilevel Security6
Covert Channels9
Retina and Retinal Scanning12
Retinal Scan14
Rationale and Systems Analysis16
Trusted Paths16
Goals and Objectives22
Project Plan and Timelines23
Bibliography24
Information Technology Retinal Scanning Future Security Field
Capstone Proposal Summary
A retina scan security system is a biometric security system that uses the blood vessel patterns found on the back of the eye to identify a person. (Retina is the light-sensitive layer that lines the interior of the eye.) The underlying logic behind retina scanning is simple: Just like fingerprints, no two retinas are ever alike. However, fingerprints can be cloned, but it is impossible to clone retinas. Of course, genetic engineering will teach us many things and in the future - may be even cloning retinas retinas may become possible.- However as on date the fact remains that but as things stand today, retina cloning is impossible. Even a dead person's retina cannot be genetically cloned as it starts decaying rapidly. Many government related agencies, military, police, and intelligence classified the data at many different security levels. Main classifications are unclassified, confidential, secret, and top secret. Hierarchical structure is followed in nature, i.e. Top secret is a higher security classification than secret. It is tacitly understood that a clearance process is carried out independently on each individual using a certified procedure before a user is assigned one of these hierarchical categories. In addition “need to know” categories can be attached to any of these hierarchical classifications. Typical examples might be u.s. Eyes only, nato, middle east, etc. All data is labeled hierarchically and categorically, so a particular data item might carry the security label (top secret, [nato, u.s. Eyes only]). Mandatory access control (mac), which is a requirement at the b1 level of the orange book, mandates that all data shall be labeled and requires severe enforcement of the rule that data may not be turned over to a user unless the user's clearance has the appropriate hierarchical classification and “need to know” category privileges.
A system that has the capability to enforce mandatory access controls and store data with ...