Customer Profile
One of ten Unified Combatant Commands of the U.S. Military provides mission-ready, joint-capable forces, and supports the development and integration of joint, interagency, and multinational capabilities to meet the present and future operational needs. Unlike the six commands with responsibility for war plans and operations in specified portions of the world, this combatant command is a functional command that provides specific services to the military. To achieve its mission it is imperative for this command to rapidly introduce new doctrine to and receive immediate feedback from the war fighters…while preparing commanders for their mission in a realistic, time-sensitive and broad environment.

Business Challenge
Our client was tasked with developing a cross domain solution (CDS) for protection and dissemination of classified information between security enclaves. This high-risk deployment demands the best security implementation available to ensure enforcement of security policies.

Tresys Solution
The solution is the Collaboration Gateway (CG) – an instant messaging (IM) server that enables secure chat between users in different security domains. Using Jabber IM clients, this gateway ensures rightful data is shared between the intended recipients. The CG is a CDS built using Security Enhanced Linux (SELinux) type enforcement for mandatory access controls. Type enforcement provides separation of processes and information flow constraints – thereby mitigating the risks associated with the environment. Tresys Technology contributed security architecture and software design guidance throughout the software development life cycle of the CG. Tresys also developed a SELinux type enforcement policy to ensure the CG software was constrained within the defined security architecture.

Benefit
With the use of this underlying technology in the CG component, our client can now provide a secure two-way communication between different enclaves thus allowing for improved information exchange and situation awareness. With CG, joint forces share precise, sensitive information confidentiality, obviating the need for conventional obfuscation methods which are prone to misinterpretation and repeated requests for re-transmission. In addition, the new SELinux type enforcement now completely prevents any unwanted or unsuspected intrusion.

About Tresys Technology
Tresys Technology is a principal open source contributor to Security Enhanced Linux (SELinux), with an emphasis on making SELinux easier to use and manage. In addition to its extensive Secure Linux technology development, services, and training experience, Tresys provides many technology solutions that allow Linux users and administrators to easily leverage the power of SELinux. Tresys also provides business and government organizations with expert security engineering services, including security testing, evaluation and certification support, cryptographic solutions, and security technology innovation.