Multiple Single-level - MSL Solutions

MSL Solutions

NSA pursued multiple programs aimed at creating viable, secure MSL technologies leveraging virtualization. To date, three major solutions have materialized.

  • "Multiple Independent Levels of Security" or MILS, an architectural concept developed by Dr. John Rushby that combines high-assurance security separation with high-assurance safety separation. Subsequent refinement by NSA and Naval Postgraduate School in collaboration with Air Force Research Laboratory, Lockheed Martin, Rockwell Collins, Objective Interface Systems, University of Idaho, Boeing, Raytheon, and MITRE resulted in a Common Criteria EAL-6+ Protection Profile for a high-assurance separation kernel.
  • "NetTop", developed by NSA in partnership with VMware, Inc., uses Security-Enhanced Linux (SELinux) as the base operating system for its technology. The SELinux OS securely holds the virtual session manager, which in turn creates virtual machines to perform processing and support functions.
  • The "Trusted Multi-Net", a commercial off-the-shelf (COTS) system based on a thin client model, was developed jointly by an industry coalition including Microsoft Corporation, Citrix Systems, NYTOR Technologies, VMware, Inc., and MITRE Corporation to offer users access to classified and unclassified networks. Its architecture eliminates the need for multiple cabling plants, leveraging encryption to transmit all traffic over a cable approved for the highest level accessed.

Both the NetTop and Trusted Multi-Net solutions have been approved for use. In addition, Trusted Computer Solutions has developed a thin-client product, originally based on the NetTop technology concepts through a licensing agreement with NSA. This product is called SecureOffice® Trusted Thin Client™, and runs on the LSPP configuration of Red Hat Enterprise Linux version 5 (RHEL5).

Three competing companies have implemented MILS separation kernels:

  • Green Hills Software
  • LynuxWorks
  • Wind River Systems

In addition, there have been advances in the development of non-virtualization MSL systems through the use of specialized hardware, resulting in at least one viable solution:

  • The Starlight Technology (now marketed as the Interactive Link System), developed by the Australian Defence Science Technology Organisation (DSTO) and Tenix Pty Ltd, uses specialized hardware to allow users to interact with a "Low" network from a "High" network session within a window, without any data flowing from the "High" to the "Low" network.
