You are here

Shipboard Cross Domain Secure Solutions


TECHNOLOGY AREA(S): Ground Sea, Electronics, Nuclear 

OBJECTIVE: Develop a cross-domain solution for secure networks specialized operating applications and interfaces between systems of differing security classifications. 

DESCRIPTION: The security of discrete activities operating within the same network environment under strict requirements for zero data mixing or “spills” is a challenge. Cross- domain data flows impeded by time-consuming release procedures prevent fluid and effective operations. The situation also encourages the entire activity to be carried out at the highest security level to avoid sharing the data between security domains. Such applications would serve to coordinate activities and maintain data consistency between domains. Such split applications would also reduce the need for ad hoc forms of communication between the domains, whose security is difficult to ensure. Critically, such applications must not enable unintended flows of information between domains. Thus, this SBIR topic focuses on the design of the protocol that ties the two parts of the application together as the key challenge. While the information being processed by the cross-domain solution will be classified, the system without data will be unclassified. This SBIR topic seeks two kinds of developments: 1) Protocols or classes of protocols of practical interest to the Navy Strategic Systems Program (SSP) that can be securely operated between security domains, and/or 2) Practical means for determining that instances and implementations of such cross-domain protocols are secure and correct. The two main parts of the application should run without special privileges in their domains. However, the module that interprets the protocol within the guard is highly privileged, and therefore the highest degree of trust in its correctness and security is of key importance. This component of the system must either be very simple so that manual inspection is feasible, or there must be some other means or strategy for ensuring correctness. Assume that the straightforward operation of the distributed application for its intended purpose is well within the security policy that will be defined as part of this development. This topic focuses on ensuring that the protocol cannot also serve as a conduit for covert communications, or that the bandwidth of such covert channels is limited. Respondents should describe what kind of protocol their system will support, what sorts of cross-domain applications that protocol will enable, and what the overall usefulness of such applications would be in a cross-domain setting. Additionally, the protocols should configure/control the identified hardware to obey the controls and should be identified as part of a software/hardware solution. Respondents should also indicate why it is at least plausible that their selected class of protocols will be secure. Of particular interest will be theoretical advances that enable larger classes of protocols to be handled securely or that enable automated analysis of protocols to ensure that they are secure with mathematical accuracy. 

PHASE I: Define a class of protocols operating across domain boundary with a strategy for protecting protocol as it passes through a guard. Provide a security argument/analysis that details a bandwidth limit on the covert channel(s) that could be supported by this protocol. Phase I will also include plans to develop a prototype application under Phase II. 

PHASE II: Based on the work completed during Phase I and the proposed Phase II plan, implement tools to support the class of protocols selected including the guard component, and any automated protocol analysis that is necessary to ensure security. Construct a sample cross-domain application using a protocol from that class that meets security requirements and augments the selected hardware for those protocols. Illustrate the security argument in concrete form for this application. The prototypes should be delivered with basic functionality testing by the end of Phase II. During Phase II, it would be advantageous to utilize the FCS development platform located in Pittsfield, MA to coordinate and execute MISM prototype verification and validation testing in the SSBN-R Advanced Development Lab (ADL) and Engineering Test System (ETS). 

PHASE III: Solve the multi-domain coordination problem for the Navy customer. This design can be applicable for future applications that require handling data in-between multiple security domains. Work with automated guard vendor to install and test protocol checking module. Apply technique to protect communications between multi-network systems. Integrate guard component within existing hardware/software systems. A tested prototype should be delivered by the end of Phase III. 


1: U.S. Defense Information Systems Agency (DISA) Cross Domain Solutions (CDS) 101.

2:  Department of Defense Instruction (DODI) 8510.01: "Risk Management Framework (RMF) for DoD Information Technology."

KEYWORDS: Cross Domain; Network Security; Protocol; Data Security; Classification Interface; Cross Domain Guard 


Ian Siperstein 

(202) 433-8513 

Timothy Aberg 

(202) 433-8535 

US Flag An Official Website of the United States Government