Firewall Wizards mailing list archives

RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)


From: Paul McNabb <mcnabb () argus-systems com>
Date: Wed, 28 Oct 1998 08:04:16 -0600 (CST)

 From jepstein () tis com  Tue Oct 27 22:08:05 1998
 
 Paul McNabb wrote:
 >I've poked around on these sites and it appears that the Australians
 >are finally commercializing the old CMW technology, something that
 >was done years ago here in the U.S.  I wonder if they've added anything
 >of value or if they are just repackaging it?  I know of at least six
 >products that do exactly what is described by the Australian web pages,
 >and do it on a single machine with properly modified/secured X servers
 >and network stacks.
 
 Paul, it's emphatically not CMW technology.  CMW relied on medium assurance
 (i.e., B1) operating systems and windowing systems to provide a modicum of
 separation.  This has only two small trusted parts: a one-way diode and an
 A/B switch.  It's certainly not repackaging.  Everything else is completely
 untrusted.  So you don't need trusted operating systems or windowing
 systems, both of which are VERY hard to do with any degree of assurance.
 And as a result, you can get very high assurance.  [If the NSA evaluated
 things like this, I'm reasonably confident it could meet TCSEC A1 without
 much difficulty.  But since it's not an operating system, but rather a
 nifty device, the NSA doesn't know how to evaluate it.  Luckily, there are
 other criteria besides Orange Book that are more flexible for things like
 this.]
 
 Truth be told, it's most similar to the TRW Trusted X research prototype
 that I did in the early 1990s.  It uses many of the same concepts (Mark
 Anderson, the inventor of the Australian box, attended a tutorial I gave
 and came up with a better solution than I had).

You are right.  Last week I went back and looked more closely at what
they had done, and it isn't really CMW trusted X Window stuff, though
it is solving some of the same types of problems.  In fact, this looks
a lot like some of the work done at NRL over the last few years.  The
NRL folks were solving the problem of having information flow only from
low systems to high systems.  They did this by replicating databases
on different systems and providing a one-way communication mechanism to
send transactions up the chain to higher systems.

I was sitting next to a bunch of military guys while the NRL project was
being presented, and the most interesting comment I heard was something
like "Big deal.  We aren't concerned about secure upgrading, we can do
that now.  We want secure downgrading."  I'm not sure if this is the
general feeling about the rash of "diodes" now coming on the market, but
I think there is still a great need for secure, bi-directional flow.

Galaxy Computer Services, Inc. (www.gcsi.com) makes something they call
an "Information Diode" which is based on Linux running on PCs.  They use
two systems running modified tftp protocols on top of "hardened" (not
trusted) versions of the operating system.  Their claims are similar:
information can flow in only one direction.  The site says that source
is delivered with the product.

BTW, wasn't your solution at TRW the one that used multiple instantiations
of the X server, each handling a separate security level?

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com        Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------


