Technology Today - Home
The Raytheon High-Speed Guard (RHSG) provides critical technology for sharing data between security domains. As of July 2009, Raytheon deployed 170 systems. Lead engineers for the project continuously support customers by monitoring requirements, technical challenges, and trends to ensure that customers' information-sharing and information protection needs are met.

What Is a Guard?
Current security policies require a trusted entity to independently validate data being moved between top secret, secret, releasable and unclassified networks. These products are commonly known as trusted guards, high assurance guards, or just guards. Guards typically function as proxies, providing network separation between the two systems being connected. A guard has three main functions:
  • Network separation
  • Mandatory access control
  • Data validation
Network Separation
A guard separates networks by providing an IP address on the high-side network as well as one on the low-side network. This allows the guard to appear as an end node — a server — on each network without making one network visible to the other. A guard specifically does not pass routing information, dynamic host configuration protocol (DHCP) requests, or other control-plane information from one network to the other. Guards provide proxy network connections and restrict the flow of network traffic to a constrained set of IP addresses, ports and protocols.

Mandatory Access Control
Another requirement for guards is to enforce mandatory access control. MAC is one of the most enduring concepts in information assurance. In a nutshell, MAC describes the requirements for ensuring that every action is identifiable with one or more actors (users, applications or systems), and that the information acted upon is dominated by the privileges of those actors. Ensuring these simple criteria are met — even in the face of programming errors and malicious users — typically requires a trusted operating system such as Security Enhanced Linux®. In a trusted operating system, the operating system carries label information on all components on the system: memory, file systems, network interfaces, etc., and provides application programming interfaces for systems such as guards to move data between security levels.

Data Validation
A guard must validate the data passing through it and ensure the data is authorized. Guards typically enforce different checks depending on the direction the data is flowing.

When data is passed from a high to low network, the guard ensures that only data authorized at the lower network's security level is passed. Several methods are used, including the following:

  • Classification rules to independently interrogate the data to determine its classification
  • Verification of existing labels on data
  • Verification of upstream systems' digital signature on data
The right combination of methods depends on a particular system's data formats and security policies. For moving data from a lower network, the primary concern is the prevention of malicious content. For filebased transfers, virus scanning is the primary mechanism for meeting this requirement. For streaming data, data validation can be used to verify the content of the data by checking individual field values for compliance to the data specifications.

Meeting Critical Customer Needs
The need to share intelligence has become one of our critical customer requirements. Data collected at higher security levels is typically processed into intelligence meant to be shared at lower security levels, including releasable data for coalition partners. Command and control systems in the field require automated access to higher security level tasking and reporting systems. Figure 1 shows an overview of how Raytheon's guard might fit into system architecture.

Current guard systems are typically limited to pre-defined, fixed-format data types. As customers adopt such current commercial approaches as service-oriented architecture, they introduce significant challenges for secure cross domain implementations. Key challenges include evolving standards and new transport protocols for guards like Standard Object Access Protocol (SOAP) over HTTP.

The RHSG team tackled these challenges in the last three years by providing the cross domain solution for the Empire Challenge intelligence, surveillance and reconnaissance (ISR) demonstrations sponsored by the Under Secretary of Defense (Intelligence). The exercise included a full range of two way cross domain information exchange, including traditional file transfers, live streaming video and Web service transactions via SOAP messages transmitted over HTTP. During the execution of Empire Challenge, the RHSG supported hundreds of thousands of cross domain transfers.

The cross domain Web services demonstrated the first implementation of Distributed Common Ground System (DCGS) Integration Backbone federation across releasability domains, providing support for data query and product retrieval. Based on the successful demonstrations, our customers are looking to deploy this Cross Domain Federation Service in support of the warfighter.

With SOA Web service architectures becoming the standard for new systems for our customers, Raytheon was awarded one of two 12-month Proof of Concept contracts to develop the next generation of cross domain systems for another of our U.S. Department of Defense customers. The Distributed SOA-Compatible Cross Domain Service program seeks to define a cross domain system capable of supporting entire enterprises via a system of scalable cross domain services accessed as Web services.

Looking to the future, Raytheon is supporting university research on natural language processing and automatic data classification. Breakthroughs in these areas are keys to further streamlining crossdomain transfer validations in terms of cost, schedule and performance.

Kevin Cariker
Jason Ostermann