Multilevel Security - MLS Applications

MLS Applications

Infrastructure such as trusted operating systems is an important component of MLS systems, but in order to fulfill the criteria required under the definition of MLS by CNSSI 4009 (paraphrased at the start of this article), the system must provide a user interface that is capable of allowing a user to access and process content at multiple classification levels from one system. The UCDMO ran a track specifically focused on MLS at the NSA Information Assurance Symposium in 2009, in which it highlighted several accredited (in production) and emergent MLS systems. Note the use of MLS in SELinux.

There are several databases classified as MLS systems. Oracle has a product named Oracle Label Security (OLS) that implements mandatory access controls - typically by adding a 'label' column to each table in an Oracle database. OLS is being deployed at the US Army INSCOM as the foundation of an "all-source" intelligence database spanning the JWICS and SIPRNet networks. There is a project to create a labeled version of PostgreSQL, and there are also older labeled-database implementations such as Trusted Rubix. These MLS database systems provide a unified back-end system for content spanning multiple labels, but they do not resolve the challenge of having users process content at multiple security levels in one system while enforcing mandatory access controls.
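The label-column approach described above works by comparing a user's clearance label with each row's label. As an added illustration (not OLS or any other product's code), the following Python sketch models a label as a hierarchical level plus a set of compartments, filters a constructed sample table so a reader sees only rows whose labels their clearance dominates, and refuses "write-down" of a row to a label below the session label; the level names, label syntax and sample rows are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Hierarchical levels; a higher number dominates a lower one (assumed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Level is at least as high AND every compartment of `other` is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def parse_label(text: str) -> Label:
    """Parse a constructed label syntax such as 'SECRET:NOFORN,HCS'."""
    level, _, comps = text.partition(":")
    return Label(level.strip(),
                 frozenset(c.strip() for c in comps.split(",") if c.strip()))


# Constructed sample table: a row is a dict with a 'label' column, as in
# the label-column scheme described in the text.
ROWS: List[Dict[str, str]] = [
    {"id": "1", "label": "UNCLASSIFIED"},
    {"id": "2", "label": "SECRET"},
    {"id": "3", "label": "SECRET:NOFORN"},
    {"id": "4", "label": "SECRET:HCS"},
    {"id": "5", "label": "TOP SECRET:NOFORN"},
]


def readable_ids(rows: List[Dict[str, str]], clearance: str) -> List[str]:
    """Mandatory read check: return only rows whose label the clearance dominates."""
    user = parse_label(clearance)
    return [r["id"] for r in rows if user.dominates(parse_label(r["label"]))]


def write_allowed(session_label: str, row_label: str) -> bool:
    """Mandatory write check: a new row's label must dominate the session label
    (no write-down), so data cannot leak to a lower level through an insert."""
    return parse_label(row_label).dominates(parse_label(session_label))


if __name__ == "__main__":
    print(readable_ids(ROWS, "SECRET:NOFORN"))          # ['1', '2', '3']
    print(write_allowed("SECRET", "UNCLASSIFIED"))       # False
```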

There are also several MLS end-user applications. One of the best known is the Trusted Network Environment (TNE) by General Dynamics. As of 2012 TNE is accredited and in production, and it is classified on the UCDMO's baseline as a Cross Domain Multilevel system. TNE was originally created on Trusted Solaris 8, though it has recently been migrated to Solaris 10 using the Argus Systems Group's PitBull security technology. It provides a multilevel file manager, chat, desktop, web server, and email client among other capabilities. The other MLS capability currently on the UCDMO baseline is called MLChat, a chat server created by the US Naval Research Laboratory that runs on the XTS-400 operating system. Given that content from users at different domains passes through the MLChat server, dirty-word scanning is employed to protect classified content, and there has been some debate about whether this is truly an MLS system or more a form of cross-domain transfer data guard. Mandatory access controls are maintained by a combination of XTS-400 and application-specific mechanisms.

In the past several years, BlueSpace Software has created a different approach to multi-level applications based on using approved (accredited) UCDMO data guards. BlueSpace's end-user applications are browser-based and create a unified view of information from multiple security levels by transferring XML metadata across a guard. This leaves the data on the originating network, but provides the user with access to all resources from a single interface. They currently have four products: Unity - unified view of email/calendar/contacts/tasks integrated with Microsoft Exchange; Discover - unified view of search results from multiple security levels using standard search engines such as Google Search Appliances; GeoSpace - a C2 application that shows ground, air, sea, and land units plotted on a 3D visualization platform such as Google Earth; and Sentinel - a cyber situational awareness application that provides network monitoring information from multiple security levels using commercially available Network Monitoring Systems.