|
Cross-Domain RSS Processor and Router
Navy SBIR FY2006.1
| Sol No.: |
Navy SBIR FY2006.1 |
| Topic No.: |
N06-089 |
| Topic Title: |
Cross-Domain RSS Processor and Router |
| Proposal No.: |
N061-089-1292 |
| Firm: |
RedPhone Security
2019 Palace Avenue
Saint Paul, Minnesota 55105-1733 |
| Contact: |
Mark Brown |
| Phone: |
(651) 204-3372 |
| Web Site: |
www.redphonesecurity.com |
| Abstract: |
A MILS (multiple independent levels of security) architecture is proposed for a cross-domain routing system. Research is required to determine if a low-assurance encryption protocol implementation can feasibly deliver messages while assuring system-wide message integrity. One objective is to avoid reinventing a proven standard key management and encryption protocol, TLS (transport layer security) or certifying the protocol implementation with high assurance. By extending the TLS protocol in a standard way, digital signatures can be added to the protocol. Next, MILS an application-level reference monitor (ALRM) can ensure that the reference monitor assures message integrity using the new digital signatures before allowing the routing subsystem to process the message. Following this pattern, TLS can be extended a second time to add a routing instructions block to the protocol. These routing instructions can in turn have integrity assured by a similar combination of digital signature and MILS ALRM. Further utilization of a MILS separation kernel could yield a highly assured cross-domain routing system capable of read-down and write-up. Use of the protocol extensions enables routing at granular sensitivity levels. An example use of such a system is proposed for future implementation: RSS summaries of C2ISR data feeds could be obtained across domains. |
| Benefits: |
Obtaining EAL6 assurance for a router that can securely enables granular cross-domain messaging will enable a new paradigm for secure communications. In military contexts, granular separation controls could reduce communications inefficiencies caused by strong separation of classification or sensitivity levels. In business contexts, a highly assured router that can be effectively controlled by policy or legal contracts can enable higher value and more efficient and convenient business transactions. Businesses benefit from the ability to expose valuable services over the Internet to selected partners, who in turn may control access to selected employees. Cost savings compound due to several operational efficiencies and reduced security costs and risks surrounding the system's deployment. |
Return
|