Client Framework
The BlueSpace Client Framework is the first commercial-off-the-shelf (COTS) framework specifically designed for creating multi-level secure (MLS) applications for end users. It supports rapid development of applications that combine data from different classification levels and networks into a ‘mashup’ for the end user, while still preserving the security of separate networks. The Client Framework functions alongside the BlueSpace Trusted Service Bus to reduce the time and investment required to build, maintain and support both custom MLS applications and MLS versions of existing COTS software products. The Client Framework leverages the Firefox 2.0 web browser and labeling at the operating system level as part of an MLS desktop.
The BlueSpace Client Framework is designed to support multi-level applications, which provide end users with a single interface while operating simultaneously at multiple security levels. The Trusted Service Bus facilitates tightly controlled application messaging between security levels and content elevation to build unified views. However, when a user creates content (for example, composing an email or starting an IM chat session), the framework can ensure that the user does this at the appropriate network label and classification level.
This MLS approach is more secure than traditional cross-domain solutions (CDS), in which the user interface operates at a single security level. With CDS transfer, all content is elevated to the highest level to provide a unified view. This ‘elevation’ of content poses a risk of infection to higher security levels. When the user creates content, a CDS system must downgrade that content through a data guard to allow it to go out over a lower level network. This is typically preceded by a ‘dirty word’ scan in an attempt to prevent leakage of higher level, classified content.
The BlueSpace Client Framework leverages the accredited and certified capabilities of the labeled operating system to enforce Mandatory Access Controls (MAC) over content. As a result, ‘copy and paste’ is allowed only within a single level, the file system is properly segregated into separate levels, and labels persist with content across the entire lifecycle.




