- Rapid multi-level secure (MLS) solution development
- Mission-transformational capabilities delivered fast
- Leverage existing commercial-off-the-shelf (COTS) products
- Minimize accreditation footprint
- Lower maintenance and support costs over the lifecycle
Trusted Client Framework Overview
The defense and intelligence communities have implemented separate networks to enforce physical data separation for content at different classification levels. While this has been critical to protecting information, especially for internet-connected systems, it can often make information sharing and collaboration significantly more difficult for end users. In an increasingly real-time world, where inter-agency, inter-department and often inter-country partnerships involving virtual teams are the norm, not the exception, increasing connectedness (while preserving security) has become a primary objective.
In the US, the CIOs at the Department of Defense and the Office of the Director of National Intelligence came together in July 2006 to create the Unified Cross Domain Management Office (UCDMO). UCDMO’s mandate is to foster the cross-domain solution (CDS) and multi-level secure (MLS) ecosystems.
CDS systems rely on infrastructure mechanisms, e.g. data guards, to move data between different levels, and then often show it to the user through a single-level client. This means that a user at Top Secret replying to a Secret mail must have their reply pass back down through a guard such as a dirty-word scanner. Generally, CDS systems are less secure than MLS, as policing content moving between different levels is difficult, and the 'membranes' between different security levels end up being unnecessarily porous.
MLS systems use a true multi-level client; the only commercial example today of a full MLS OS desktop is Solaris 10 with Trusted Extensions. With MLS, a user operates at multiple security levels at the same time, e.g. composing a mail at Secret or Top Secret from the start of the process, as opposed to upgrading or downgrading content in guards. MLS helps prevent infection of higher zones, improves content security across the lifecycle (e.g. with copy-and-paste controls), and allows more rigorous auditing, since every cross-level flow is mediated by the trusted computing base rather than by content inspection.
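The CDS-versus-MLS distinction above is easier to see in a small model of label-based mediation. The following is an added illustration written for this page, not BlueSpace or Solaris code: a trusted bus sits between single-level stores (standing in for services in labeled zones) and user sessions, enforces no-read-up and no-write-down on a simple classification lattice, never relabels content, and audits every decision. The labels, messages, class names and the `Session(clearance, current)` workspace model are all constructed for the example.

```python
from dataclasses import dataclass

# Hierarchical levels; compartments are a set of caveats. Constructed for the example.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice dominance: level at least as high and all of other's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass(frozen=True)
class Message:
    label: Label
    subject: str
    body: str


class SingleLevelStore:
    """A single-level service, e.g. a mail store running inside one labeled zone.
    It holds objects at exactly one label and knows nothing about other levels."""

    def __init__(self, label: Label):
        self.label = label
        self.messages = []

    def put(self, msg: Message) -> None:
        if msg.label != self.label:
            raise PermissionError("store accepts only its own label")
        self.messages.append(msg)


@dataclass(frozen=True)
class Session:
    clearance: Label   # maximum label the user may work at
    current: Label     # label of the workspace the user is currently in


class TrustedBus:
    """Reference monitor between the single-level stores and user sessions.
    Only this component sees several labels at once. It enforces no-read-up and
    no-write-down, never relabels content, and records every decision."""

    def __init__(self, stores):
        self.stores = {s.label: s for s in stores}
        self.audit = []

    def _decide(self, op, session, label, allowed):
        self.audit.append((op, session.current.level, label.level, allowed))
        return allowed

    def view(self, session):
        """Multi-level view: every message whose label the session's clearance
        dominates, each message still carrying its own label (nothing is merged)."""
        view = []
        for label, store in self.stores.items():
            if self._decide("read", session, label, session.clearance.dominates(label)):
                view.extend(store.messages)
        return view

    def send(self, session, msg):
        """Write from the current workspace, permitted only into a store whose label
        dominates the workspace label (no write-down) and that the user is cleared
        for. A denied write is audited and refused, not sanitised by a guard."""
        allowed = (session.clearance.dominates(session.current)
                   and msg.label.dominates(session.current)
                   and msg.label in self.stores)
        if not self._decide("write", session, msg.label, allowed):
            raise PermissionError(f"write from {session.current.level} to {msg.label.level} denied")
        self.stores[msg.label].put(msg)


UNCLAS, SECRET, TS = Label("UNCLASSIFIED"), Label("SECRET"), Label("TOP SECRET")


def build_bus():
    bus = TrustedBus([SingleLevelStore(UNCLAS), SingleLevelStore(SECRET), SingleLevelStore(TS)])
    # Constructed sample traffic, one message per level.
    bus.stores[SECRET].put(Message(SECRET, "Logistics plan", "convoy departs 0600"))
    bus.stores[TS].put(Message(TS, "Source report", "report from asset"))
    return bus


def demo():
    bus = build_bus()
    ts_user = Session(clearance=TS, current=TS)
    # 1. Integrated view: the TS user sees Secret and Top Secret mail, labels intact.
    seen = sorted((m.label.level, m.subject) for m in bus.view(ts_user))
    # 2. Replying to the Secret mail from the TS workspace is a write-down: refused.
    try:
        bus.send(ts_user, Message(SECRET, "Re: Logistics plan", "ack"))
        write_down_blocked = False
    except PermissionError:
        write_down_blocked = True
    # 3. The MLS way: switch the workspace to Secret and compose the reply there.
    #    No TS content crosses, so no guard or dirty-word scan is needed.
    bus.send(Session(clearance=TS, current=SECRET), Message(SECRET, "Re: Logistics plan", "ack"))
    # 4. A Secret-cleared user cannot read up into the TS store.
    s_view = [m.subject for m in bus.view(Session(clearance=SECRET, current=SECRET))]
    return seen, write_down_blocked, s_view, bus.audit
```

The point of the model is step 3: the reply exists at Secret from the moment it is composed, so there is no downgrade decision for a guard to get wrong, and the audit trail records label-to-label decisions rather than content-inspection verdicts.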
The BlueSpace Trusted Client Framework is the first COTS MLS middleware application designed for creating MLS end-user interfaces. It provides a Trusted Service Bus, which supports tightly controlled messaging between zones in Solaris 10 TX, using multilevel ports and the file system. The Trusted Client Framework allows developers to build MLS interfaces for both single-level COTS and custom applications, delivered as web 'mashups' via Firefox on the Solaris 10 TX MLS desktop. According to Klaus Weidner, Principal Consultant at atsec (a Common Criteria Testing Laboratory in the US):
“The Trusted Client Framework uses a core trusted component which connects mutually isolated, single-level application services to provide what appears to the user to be an integrated multi-level application. This makes it feasible to pursue a high assurance level with minimized security testing and accreditation footprint.”
With the support of atsec, BlueSpace is producing a Security Target which will define the "Target of Evaluation" for the Trusted Service Bus. BlueSpace intends to evaluate the product under Common Criteria 3.1 at assurance level EAL 5 (semiformally designed and tested), which adds medium-robustness requirements and a methodical vulnerability analysis.
The Trusted Client Framework can be used to build a variety of MLS applications, for example:
- MLS instant messaging
- MLS blogs
- MLS wikis
- MLS federated search
- MLS geographical mashups
- MLS battlefield command interfaces
The Trusted Client Framework is also used by TransMail Trusted Edition to provide an MLS electronic mail interface for the BlueSpace TransMail messaging server.
MLS applications offer mission-transformational capabilities for the defense and intelligence communities, often described as the ‘Holy Grail’. Single views of data across multiple classification levels can significantly change the user experience, increasing efficiency and efficacy. According to Edward Bryant, Technical Director at UCDMO:
“I see the BlueSpace application taking advantage of the multi-level capabilities of currently deployed multi-level clients, and this type of critical capability is needed to meet information sharing requirements.”
