Cross-Domain Document-Based Collaboration in a Multi-Level-Secure Environment
Agency / Branch:
DOD / NAVY
Our method of enabling cross-domain collaboration allows documents whose contents have a mixture of sensitivity levels to be viewed and edited by users with differing clearance levels, while maintaining the requisite security constraints. In particular, we've identified the following key technical requirements: *Multi-level documents: single documents may contain multiple sections of varying classification and compartmentalization. *Secrecy: users may view sections of documents only if they have clearance. *Editing: users may load, edit, and save a document without knowledge of, or disturbing sections of the document for which they lack sufficient clearance or approval. *High assurance: the solution must be built with high assurance, with a target evaluation of EAL6. To accomplish these goals, we propose to develop a trusted document server (DocServer) to mediate the connection between a user's workstation and files to which he has access. As far as the user is concerned, his workstation connects to a single "virtual" combined file and web server from which he may browse, open, edit and save documents. The DocServer will allow documents stored on the web/file server to contain regions of varying sensitivity levels. For example, a document may begin and end with low sensitivity text, but contain an inset of high sensitivity. BENEFITS: The need for secure information sharing of multi-level documents is quite extensive throughout government. Currently the U.S. Government has several million individual security clearances outstanding, and is producing tens of millions of new classified documents each year. Further, we are in the midst of a major transformation from strongly hierarchical organizations with vertical command, control and communications structures, to one where missions are executed by largely autonomous coalitions of nations/agencies/departments. This shift is happening not only in how we fight traditional wars, but how we coordinate Homeland defenses and wage the war on global terrorism. Potential users therefore, include the DoD, DHS, intelligence agencies, State and Treasury Departments, plus local governments. We also anticipate demand for this technology outside of the government in industry and private applications. Here we see a gradual strengthening of "infosec" practices to deal with privacy and security concerns which will mandate use of higher assurance technologies as they are shown practical and effective, especially in areas of health care and financial data.
Small Business Information at Submission:
CEO and President
Executive Vice President
GALOIS CONNECTIONS, INC.
12725 SW Millikan Way Suite 290 Beaverton, OR 97005
Number of Employees: