The Trusted Operating System (TOS) provides basic services, security, and loading of Trusted Software Components (TSCs), as well as integrated advanced operating features. Based upon Red Hat Enterprise Linux 5.6 and hardened using Tresys Certifiable Linux Integration Platform (CLIP) and a custom Security Enhanced Linux (SELinux) policy, the TOS is:
- Stateless: No data can be written to internal storage (the OS starts from a known good state on every boot), and
- Userless: The OS has no users and cannot be used interactively.
The system can also be monitored remotely via the TSC.
TSCs are software programs that are loaded by the TOS to perform the cross-domain functions including network connectivity, communication with external nodes, data inspection and cleansing, and policy enforcement. Within the boundaries established by the TOS, TSCs transfer data across the fiber devices using a custom network interface, allowing the use of standard IP protocols. TSCs are configurable, very flexible, and can be constrained with SELinux policy to provide many traditional CDS functions.
There are many TSCs available that can be implemented and customized by either Tresys or a customer (with Tresys assistance). Tresys and various customers are developing a range of TSCs. Additional form factors, performance enhancements, and custom TSCs are in development, and those features can be accelerated at customer request. Existing and planned TSCs include FTP transfer with virus scanning, streaming video with uni-directional data flow, and bi-directional VOIP filtering.
1. What does XD Bridge do?
The Tresys XD Bridge Cross Domain Solution (CDS) offers a novel approach to solving cross domain information transfer problems that delivers unmatched flexibility, low cost, and high performance. The unique XD Bridge architecture enables a single platform to support a wide range of CDS transfer and access applications, including the rapid development of custom filtering components. The result is a CDS that directly addresses the evolving needs of CDS users. To meet these objectives, the XD Bridge architecture is split into two distinct components: a TOS and a TSC.
The Trusted Operating System (TOS) provides basic services, security, and loading of TSCs. There is only a single TOS that is included in every XD Bridge. Key Aspects include the following:
1. Based upon Red Hat Enterprise Linux 5.6.
2. Hardened using Tresys Certifiable Linux Integration Platform (CLIP) and a custom Security Enhanced Linux (SELinux) policy.
3. Stateless – no data can be written to internal storage, so the OS starts from a known good state on every boot.
4. Userless – the OS has no users and cannot be used interactively.
5. Remote monitoring can be enabled by TSCs.
The Trusted Software Component (TSC) is loaded by the TOS at boot and provides integration with the connected network, filtering and policy enforcement, and transfer of data across the fiber. TSCs are very flexible and provide much of the traditional CDS functionality. Examples of existing or possible TSCs: FTP transfer with virus scanning, streaming video with uni-directional data flow, bi-directional VOIP filtering. Key aspects include the following:
1. Contains all of the software that connects to the connected network and performs filtering and inspection.
2. Configurable by an administrator, allowing site-specific settings.
3. Loaded by the TOS from a special-purpose USB thumb drive that is verified by the TOS before loading.
4. TSC software can be constrained with an SELinux policy.
Many TSCs are available and can be implemented by either Tresys or a customer (with Tresys help). Tresys currently offers a TSC that provides the ability to move files across a domain boundary using FTP. Customization is available for that TSC’s filtering capabilities.
2. Who can purchase XD Bridge?
- XD Bridge is currently being made available to the US federal government, critical infrastructure (CI), and the defense industrial base (DIB). For CI and DIB within the US, approval must be obtained from authorized US government representatives. XD Bridge is not available to non-US customers or to US CI or DIB with foreign ownership of any type due to export restrictions.
3. What certification and accreditation level is XD Bridge?
- XD Bridge has been Certified and Accredited at DCID 6/3 PL5 by a US Government agency. Please contact Tresys for more information.
4. What network protocols are supported by XD Bridge?
- The XD Bridge TOS includes support for common, low-level networking protocols to the external network, allowing a TSC to support virtually any protocol that can run over Ethernet. Within the boundaries established by the TOS, TSCs transfer data across the fiber devices using a custom network interface, allowing the use of standard IP protocols. In a single fiber configuration, communication across the fiber interface can use any IP protocol that is one way (including UDP). When two fibers are connected, they can either serve as two uni-directional channels or be used together to form bi-directional communication (of course, that communication can be filtered and controlled to limit backchannels). In bi-directional mode, standard network protocols – including those built upon TCP – can be used across the fiber. This includes ssh, ftp, http, etc.
5. What happens to infected or unrecognized files identified by XD Bridge?
- Files with unrecognized formats will be removed by XD Bridge. Recognized files that contain malicious or hidden content will be cleansed for safe use if possible. Otherwise, the file will be removed.
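The three outcomes above (unrecognized format removed, recognized file cleansed where possible, otherwise removed) worked through for one format, as an added example that is not XD Bridge code; the page does not describe the product's filters, so the PNG chunk allowlist, the function names and the constructed sample image are assumptions. The same file-type filtering is mentioned for the FTP TSC in question 9.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk allowlist: an assumption for this example, not XD Bridge's policy. Ancillary
# chunks such as tEXt/iTXt/eXIf can carry hidden content, so anything else is stripped.
ALLOWED = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}

def png_chunk(ctype, body):  # serialize one chunk with its CRC
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def parse_png(blob):
    """Return (chunks, offset_after_IEND) for a structurally valid PNG, else None."""
    if not blob.startswith(PNG_SIG):
        return None
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(blob) and (not chunks or chunks[-1][0] != b"IEND"):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        body, crc = blob[pos + 8:pos + 8 + length], blob[pos + 8 + length:pos + 12 + length]
        if len(body) != length or crc != struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF):
            return None  # truncated chunk or bad CRC: the structure cannot be trusted
        chunks.append((ctype, body))
        pos += 12 + length
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        return None
    return chunks, pos

def inspect_file(blob):
    """Unrecognized -> dropped; recognized -> cleansed if possible, else dropped."""
    parsed = parse_png(blob)
    if parsed is None:
        return "dropped", None, ["unrecognized-format"]
    chunks, end = parsed
    kept, removed = [], []
    for ctype, body in chunks:
        if ctype in ALLOWED:
            kept.append((ctype, body))
        elif ctype[0] & 0x20:  # bit 5 set = ancillary chunk, safe to strip
            removed.append(ctype.decode())
        else:  # unknown critical chunk: cannot be cleansed without breaking the image
            return "dropped", None, ["critical-chunk:" + ctype.decode()]
    if end < len(blob):
        removed.append("trailing-bytes")  # anything appended after IEND is dropped
    out = PNG_SIG + b"".join(png_chunk(t, b) for t, b in kept)
    return ("cleansed" if removed else "passed"), out, removed  # (verdict, bytes, removed)

# Constructed sample: 1x1 RGB PNG with a tEXt chunk and junk bytes appended after IEND.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
IDAT = zlib.compress(b"\x00\xff\x00\x00")
SAMPLE = (PNG_SIG + png_chunk(b"IHDR", IHDR) + png_chunk(b"tEXt", b"note\x00hidden")
          + png_chunk(b"IDAT", IDAT) + png_chunk(b"IEND", b"") + b"trailing junk")
```

Running `inspect_file(SAMPLE)` yields the "cleansed" verdict with the tEXt chunk and trailing bytes listed as removed; feeding the cleansed output back in yields "passed" with nothing removed.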
6. How does XD Bridge support remote monitoring and management?
For remote monitoring the XD Bridge TOS supports rsyslog and the Linux audit framework in both local and remote configurations. A TSC can therefore send logs out of both Ethernet interfaces or, optionally, transfer all log data to one side of the XD Bridge and send it out a single network interface. The TOS also supports SNMP v3, allowing a TSC to enable SNMP with a standard Linux MIB or with a custom MIB.
XD Bridge does not currently support remote management because of the stateless nature of the system. Administrators perform all management by configuring the TSC before it is installed to the USB thumb drive. However, future versions of the system may store state and allow remote management.
7. How is XD Bridge TSC security ensured?
- Before a TSC is loaded onto an XD Bridge, bilateral authentication between the TSC and the TOS is performed, thereby preventing the use of unauthorized TSCs on a particular XD Bridge. Additionally, TSCs are encrypted to protect sensitive configuration information and software. While the TSC is stored on a USB thumb drive, this drive does not represent the same security risks as a typical drive. Tresys provides compatible thumb drives that pose no physical risk to the system. Additionally, the TSC installation procedure clears all data from the TSC and only installs a verifiable TSC. Finally, after TSC loading and during operation, all access to the thumb drive is prevented by the TOS. There is no possibility of data leakage to a USB thumb drive.
8. How is local storage addressed?
- No persistent local storage is available on an XD Bridge. However, during processing an in-memory filesystem is available to TSCs for storage of temporary data. This is cleared on each reboot.
9. What TSCs are currently available?
Tresys currently sells a TSC capable of transferring data from an FTP/SFTP server on one side to an FTP/SFTP server on the other side. Files being transferred are optionally virus scanned and filtered for file type. Prioritization of which files can be transferred is supported through file naming conventions. Reliable transfer is supported (requiring the use of both fiber connections). In this mode, the file on the source server is either deleted or moved to an archive directory once the transfer to the destination server has completed. A unidirectional mode is also supported (using only a single fiber). Predictive data re-transmission is used in this mode to provide strong reliability (though not guaranteed delivery).
Custom TSCs can be developed to support other use cases either by Tresys or in collaboration with a customer. Please contact Tresys for more information.
10. What form factors are available for XD Bridge?
- Tresys currently sells XD Bridge in a standard 1U rack mount version. Multiple tactical form factors are also available upon request. Please contact Tresys for more details.