Trusted Client Framework Summary
  • Rapid multi-level secure (MLS) solution development
  • Mission-transformational capabilities delivered fast
  • Leverage existing commercial-off-the-shelf (COTS) products
  • Minimize accreditation footprint
  • Lower maintenance and support costs over the lifecycle

Trusted Client Framework Overview
Defense and intelligence organizations have multiple, separate networks running at different security levels. The pressures of information sharing, network-centric warfare and coalition orchestration have driven many of these organizations to implement cross-domain systems to try to provide users with a single view of the data. Cross-domain access does not achieve this, and cross-domain transfer requires moving large amounts of content between networks at different security levels, which has several drawbacks and risks.

BlueSpace has created multi-level middleware that enables a third approach to giving users a single view of their data across multiple security domains: cross-domain multi-level. The BlueSpace Trusted Service Bus is an administratively controlled message bus that facilitates application messaging between different security levels for user interface orchestration. The Trusted Client Framework is an Ajax mashup framework designed for the rapid development and deployment of multi-level end user applications that have a low impact on accreditation.

The Trusted Client Framework runs on the Solaris 10 TX desktop, which can be delivered via a Sun Ray or through various virtualization mechanisms, such as VMware with Solaris as a guest OS or Sun’s upcoming Soft Ray product on a Windows PC.

According to Klaus Weidner, Principal Consultant at atsec (a Common Criteria Testing Laboratory in the US):

“The Trusted Client Framework uses a core trusted component which connects mutually isolated, single-level application services to provide what appears to the user to be an integrated multi-level application. This makes it feasible to pursue a high assurance level with minimized security testing and accreditation footprint.”

The Trusted Client Framework can be used to build a variety of MLS applications, for example:

  • MLS instant messaging
  • MLS blogs
  • MLS wikis
  • MLS federated search
  • MLS geographical mashups
  • MLS battlefield command interfaces

MLS applications built on top of the BlueSpace MLS middleware platform can use COTS server applications without the need to modify server-side code.  Patching server applications can be carried out without the risk of introducing covert channels, because the server-side applications don’t need to have any cross-domain rights.  All cross-domain privileges are handled by the BlueSpace Trusted Service Bus, which runs on the end user desktop – the multi-level view exists purely at the client interface level as an MLS mashup.

The Trusted Client Framework is also leveraged by TransMail Trusted Edition to provide an MLS electronic mail interface for the BlueSpace TransMail messaging server.

MLS applications offer mission-transformational capabilities for the defense and intelligence communities, often described as the ‘Holy Grail’. Single views of data across multiple classification levels can significantly change the user experience, increasing efficiency and efficacy. According to Edward Bryant, Technical Director at UCDMO:

“I see the BlueSpace application taking advantage of the multi-level capabilities of currently deployed multi-level clients, and this type of critical capability is needed to meet information sharing requirements.”