Tresys Technology | Solutions

We solve complex and sensitive security needs for governments and businesses, how can we help you?

File Sanitization Tool (FiST) enables secure use of USB devices for US DoD mission critical environments.

USB 'thumb drives' are widely used to share vital information in forward locations, move data between coalition partners, deliver command instructions and situation briefs and a wide variety of other applications. Unfortunately, these devices also provide an avenue of attack against critical systems through advanced viruses and malware. Until development of FiST, the risk associated with USB data sharing was deemed so significant that USB devices were banned or restricted. FiST is a unique solution that disinfects USB devices and files to enable secure use of the device for mission critical environments.
Certifiable Linux Integration Platform (CLIP) expedites DCID and NIST compliance by providing a certified OS foundation for building secure solutions.

Security requires vigilance at the desktop and throughout the network. Tresys developed a base platform and desktop lockdown solution that allows customers to be compliant with Director of Central Intelligence Directive (DCID) 6/3 [CNNSSI 1253] and the National Institute of Standards and Technology (NIST) Special Publication 800-53. CLIP expedites the evaluation process while ensuring that systems are inherently developed with security in mind. CLIP includes a Tresys-developed secure configuration baseline of the Red Hat Operating System (OS) and the relevant documentation to support certification and accreditations. This package serves as a certified starting point OS on which vendors can build their solutions - thereby eliminating evaluation of OS requirements for each accreditation effort.
Secure Desktop Virtualization allows Australian Defense agency to realize the benefits of virtualization in highly secure environments

Server and desktop virtualization offer tremendous benefits to organizations. Security, however, can be a barrier to virtualization in high risk environments. Tresys was asked to assist this Australian Defense organization to experience the benefits of desktop virtualization without compromising endpoint security. Tresys was able to deploy VM Fortress that locks down the desktop environment using strong type enforcement via SELinux, enables operational reliability via 'sandbox' environments, and eases administrator and user management.
Cross Domain Toolkit facilitates adoption of strong, mandatory access controls for US Department of Defense / Intelligence Agencies

Integrating systems and networks to enable controlled sharing of information across varying security levels presents complex challenges. These solutions, commonly called cross-domain solutions (CDS) or "guards", require complex rule sets that normally do not have a user-friendly interface for accessing or defining the required rules. Tresys developed a toolkit and language definition project to assist DoD/Intel agencies with the adoption of mandatory access controls (MAC) in their environments - a Cross Domain Solution (CDS) Framework Toolkit. The CDS Framework Toolkit enables users to define the appropriate security domains, associated rules, and generate the SELinux policy required to implement the necessary security objectives.
Secure Chat Solution enables instant messaging between users in different security domains for US Depart of Defense Combat Command

Sharing information real-time across the battlefield is a requirement to support today's war fighter. A DoD Unified Combatant Command of the U.S. Military that provides mission-ready, joint-capable forces, and supports the development and integration of joint, interagency, and multinational capabilities required a cross domain solution (CDS) for protection and dissemination of classified information between security enclaves - using instant messaging clients. The solution is the Collaboration Gateway (CG) - an instant messaging (IM) server that enables secure chat between users in different security domains using Jabber IM clients. This gateway ensures rightful data is shared between the intended recipients while meeting required securing policy.
SELinux Tools enable US Intelligence Agency to rapidly analyze and test and assess their SELinux security policies on next-generation workstations.

A U.S. intelligence agency tasked with providing solutions, products, and services that enable defensive information operations needed to define a way to ensure that their community of application developers (i.e., employees, vendors, contractors, etc.) is able to quickly assess the robustness of security policies on their secure, next-generation workstations. To meet this requirement Tresys designed, developed (and today supports) the necessary Open Source tools: SETools. SETools allows users to expedite analysis and testing of these Security Enhanced Linux (SELinux) security policies and gives users the ability to perform both interactive and complex, automated analysis of their security policy.
SELinux Reference Policy developed as open source solution for USG agency to provide the basis for security policy in COTS Linux distributions

Securing information infrastructures critical to U.S. national security interests is a primary mission of this USG agency. A key requirement of the agency is the development of security policies that can provide a higher level of information assurance for government and commercial organizations. To meet this need Tresys was asked to develop a modular, comprehensive, well-documented, and secure mandatory access control (MAC) security policy that could be adopted by COTS Linux distributions. Tresys developed and today maintains the Open Source "Reference Policy" - a modular, comprehensive, well-documented, and secure SELinux security policy. It is now the basis for the standard SELinux security policy shipped by vendors (e.g., Red Hat(TM)) and is present in Linux COTS products such as Red Hat(TM) Enterprise Linux (RHEL).
N-Tier Application Mandatory Access Control (MAC) allows UK Government to secure an IBM WebSphere environment

Retrofitting or developing an application to meet very high security requirements is a challenging prospect. Tresys combines the strongest technologies with unmatched expertise to ensure that applications are secure. Tresys worked with IBM and Belmin Group Ltd for this UK Cabinet Office to secure an IBM(TM) Websphere(TM) environment using strong Mandatory Access Control (MAC) and demonstrate that there was strong financial value to doing so.
TurretGate provides a high performance environment for routing sensitive data between US DoD networks of differing security levels and policies.

TurretGate routes Java Message Service (JMS) messages, based on security-related properties in the message. The Tresys JMS TurretGate solution supports bi-directional JMS communication between networks of differing levels, release policies and other security characteristics. It provides the ability to quickly and securely route alerts, monitoring messages, control messages and other JMS messages only to the intended target networks. The initial release of the Tresys TurretGate Platform targets a DCID 6/3 PL 4 environment. Future releases will target PL5.

Education