Cross Domain & Information Assurance
Technologies such as wikis, social networks, and ubiquitous networking make collaboration more effective. However, an inherent tension exists between security requirements and the need to share information. The goal of Galois' cross-domain projects is to lesson this tension and to expand collaboration without sacrificing security requirements,
The Tearline Wiki provides secure multi-level and cross-domain information sharing. It is a cross-boundary wiki system based on the MediaWiki software that powers Wikipedia and Intellipedia. It can be used to collaborate across information boundaries, including those spanning multiple clearance levels.
Offering a secure cross-domain file system, the Trusted Services Engine (TSE) is a network-enabled software appliance that enables secure file sharing across multiple security levels. The TSE allows users at higher security levels to gain an integrated view with read-only access to un-replicated files at lower levels and read/write access to files at their own level.
The Cross-Domain RSS (CD-RSS) provides secure multi-level and cross-domain RSS service, ensuring timely access to news and events online. Designed for groups collaborating on secure data, CD-RSS gives users the ability to aggregate across protected resources without relaying private security credentials to those endpoints.
Providing secure mediated access, the Block Access Controller (BAC) is useful in streaming video, file based systems, wikis, etc. The BAC mediates between clients of possibly different security levels and any kind of read/write storage (disk, FLASH, DRAM). The interface permits block reads and writes according to the Bell-LaPadula model, where the reads can be from your own level or lower levels, and writes are always to your own level. The BAC can be thought of as behaving like a software “data diode.” Its design simplicity enables cost-effective high assurance solutions.
A secure architecture for data separation, the Multiple Independent Levels of Security (MILS) is an architecture in which critical systems are decomposed into components that can be individually constructed to appropriate levels of assurance, and deployed on a single platform that ensures the components stay isolated from inadvertent or malicious behavior.