- Administratively controlled, cross-domain application message bus
- Allows orchestration of UI events across different security levels
- Facilitates rapid development of multi-level applications and systems
- Supports multiple simultaneous applications via profile switching
- Currently being prepared for certification at EAL5+ level

Trusted Service Bus Overview

Defense and intelligence organizations have multiple, separate networks running at different security levels. The pressures of information sharing, network-centric warfare and coalition orchestration have driven many of these organizations to implement cross-domain systems to try to provide users with a single view of the data. Cross-domain access does not achieve this, and cross-domain transfer requires moving large amounts of content between different security networks, which has several drawbacks and risks.
BlueSpace has created multi-level middleware that lets systems take a third approach to providing users with a single view of their data across multiple security domains: cross-domain multi-level. The BlueSpace Trusted Service Bus is an administratively controlled message bus that facilitates application messaging between different security levels for user interface orchestration. The Trusted Client Framework is an Ajax mashup framework designed for the rapid development and deployment of multi-level end-user applications that have a low impact on accreditation.
The BlueSpace Trusted Service Bus does provide cross-domain capabilities, but it is not designed for moving large amounts of content between different security levels. The Trusted Service Bus is designed for application messaging to orchestrate events in a multi-level system. Examples of message types that flow across the bus in support of the TransMail Trusted Edition MLS client are “open mail [mail ID]” and “perform search [search criteria]”. These messages are short in length, and use syntax based on HTTP.
The Trusted Service Bus does not itself reside in the trusted computing base; rather, it leverages features of the OS to pass messages between separate instances of the bus components running at the different security levels. The source code of the Trusted Service Bus is well architected and documented to facilitate full source code review by accreditors. Once an accreditor has approved the Trusted Service Bus for a deployment, MLS mashups of other applications can be developed and deployed without the need to add any new source code with elevated privileges. The new applications have new message types that flow across the bus, and the bus is capable of changing profiles based on the connecting application.
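The sketch below is an added example, not BlueSpace code, showing the kind of check that "administratively controlled" and "profiles based on the connecting application" imply: a per-application allowlist of message types with a length cap and argument validation. The profile name, the single-line `<type> <argument>` wire form (modelled on the two message examples above), the 256-byte cap and the argument patterns are all assumptions.

```python
import re

MAX_MESSAGE_BYTES = 256  # assumed cap; the page says only that messages are short

# Hypothetical administrator-approved profiles, keyed by connecting application.
# Each maps an approved message type to the pattern its argument must match.
PROFILES = {
    "transmail": {
        "open mail": re.compile(r"[A-Za-z0-9-]{1,64}"),
        "perform search": re.compile(r"[A-Za-z0-9 _.:@-]{1,128}"),
    },
}


class Rejected(Exception):
    """Raised when a message must not cross between security levels."""


def check_message(application, raw):
    """Return (message_type, argument) for an approved message, else raise."""
    profile = PROFILES.get(application)
    if profile is None:
        raise Rejected("no profile for this application")
    if len(raw) > MAX_MESSAGE_BYTES:
        raise Rejected("message exceeds length cap")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise Rejected("non-ASCII bytes") from None
    # Reject control characters so one message cannot smuggle a second line.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
        raise Rejected("control character in message")
    for message_type, arg_pattern in profile.items():
        prefix = message_type + " "
        if text.startswith(prefix):
            argument = text[len(prefix):]
            if arg_pattern.fullmatch(argument):
                return message_type, argument
            raise Rejected("argument failed validation")
    raise Rejected("message type not in profile")


def is_allowed(application, raw):
    """Boolean wrapper for logging or tests."""
    try:
        check_message(application, raw)
        return True
    except Rejected:
        return False
```

Because every rule lives in the profile table, adding an application means reviewing new data rather than new privileged code, which is the accreditation property the paragraph above describes.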
With the support of atsec (a Common Criteria Testing Laboratory), BlueSpace has produced a Security Target that defines the "Target of Evaluation" for the Trusted Service Bus. BlueSpace intends to evaluate its product using Common Criteria 3.1 at assurance level EAL 5, which will specify a semi-formal evaluation including medium level robustness requirements and a methodical vulnerability analysis.
In the past, developing and accrediting multi-level applications has typically been difficult, time-consuming and expensive, often requiring branching of source code from COTS products that must then be managed as separate custom solutions or GOTS products. With the BlueSpace MLS middleware platform, defense and intelligence organizations can rapidly develop and deploy MLS applications while maintaining a minimal and manageable accreditation footprint.
