Assured Information Sharing
Expand collaboration without sacrificing security requirements.
Technologies such as wikis, social networks, and ubiquitous networking make collaboration more effective. However, an inherent tension exists between security requirements and the need to share information. The goal of Galois' information assurance technologies is to lessen this tension.
Perform a single search across multiple protected data sources without revealing a user's identity:
Secure Federated Search Management
Guarantee the security of your searches across multiple organizations using military-grade software that can be used in a commercial setting. Galois is building a standards-based Secure Federated Search Manager (S-FSM) system that enables a single search across diverse levels of data access without compromising security.
Secure multi-level and cross-domain information sharing:
This cross-boundary wiki system is based on the MediaWiki software that powers Wikipedia and Intellipedia. The Tearline Wiki can be used to collaborate across information boundaries, including those spanning multiple clearance levels.
Secure cross-domain file system:
Trusted Services Engine (TSE)
This network-enabled software appliance enables secure file sharing across multiple security levels. The TSE allows users at higher security levels to gain an integrated view with read-only access to un-replicated files at lower levels and read/write access to files at their own level.
Aggregate without relaying private security credentials:
Cross-Domain RSS (CD-RSS)
This system provides secure multi-level and cross-domain RSS service, ensuring timely access to news and events online. Designed for groups collaborating on secure data, CD-RSS gives users the ability to aggregate across protected resources without relaying private security credentials to those endpoints.
Secure mediated access:
Block Access Controller (BAC)
Useful in streaming video, file-based systems, wikis, etc., the Block Access Controller (BAC) is a mediator between clients of possibly different security levels and any kind of read/write storage (disk, flash, DRAM). The interface permits block reads and writes according to the Bell-LaPadula model: reads can be from your own level or lower levels, and writes are always to your own level. The BAC can be thought of as behaving like a software "data diode." Its design simplicity enables cost-effective high-assurance solutions.
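The read/write rule described above can be sketched as a small block mediator. This is an added example, not Galois' code or the BAC's actual interface; the level names, block size, and the class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed, totally ordered levels; a real deployment defines its own.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}
BLOCK_SIZE = 16  # small block size chosen for the example


class AccessDenied(Exception):
    """Raised when a request violates the read-down / write-own-level rule."""


@dataclass
class BlockAccessMediator:
    # One independent block store per level: {level: {block_no: bytes}}
    stores: dict = field(default_factory=lambda: {lvl: {} for lvl in LEVELS})

    def read(self, client_level, target_level, block_no):
        c, t = self._rank(client_level), self._rank(target_level)
        if t > c:  # reading up would leak higher-level data
            raise AccessDenied(f"{client_level} may not read {target_level}")
        # Unwritten blocks read as zeros.
        return self.stores[target_level].get(block_no, bytes(BLOCK_SIZE))

    def write(self, client_level, target_level, block_no, data):
        c, t = self._rank(client_level), self._rank(target_level)
        if t != c:  # writes go only to the client's own level
            raise AccessDenied(f"{client_level} may not write {target_level}")
        if len(data) != BLOCK_SIZE or block_no < 0:
            raise ValueError("whole, non-negative-numbered blocks only")
        self.stores[target_level][block_no] = bytes(data)

    @staticmethod
    def _rank(level):
        if level not in LEVELS:  # unknown labels are denied, never defaulted
            raise AccessDenied(f"unknown level {level!r}")
        return LEVELS[level]


def can_flow(src_level, dst_level):
    """True if a block written by src_level is readable by dst_level."""
    bac = BlockAccessMediator()
    bac.write(src_level, src_level, 0, b"x" * BLOCK_SIZE)
    try:
        return bac.read(dst_level, src_level, 0) == b"x" * BLOCK_SIZE
    except AccessDenied:
        return False
```

Checking `can_flow` over every pair of levels shows the one-way, diode-like property: data moves from lower to higher levels and never the reverse.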
A secure architecture for data separation:
Multiple Independent Levels of Security (MILS)
Multiple Independent Levels of Security (MILS) is an architecture in which critical systems are decomposed into components that can be individually constructed to appropriate levels of assurance, and deployed on a single platform that ensures the components stay isolated from inadvertent or malicious behavior.