SBIR-STTR Award

The adoption of XML as the underlying paradigm by which a wide range of commercial, Government and Military systems communicate is fundamentally changing the way in which systems interact. Since many mission critical data flows for government, DoD, and commercial systems occur across security domains or organizational boundaries, XML-enablement of cross domain controlled interfaces, to include Guard systems, is a pertinent research and development endeavor that, once proven, will likely find itself on the fast-track to producing an operational commercially viable capability. Operational cross domain solutions, like the ISSE Guard, are already successfully utilizing XML technology to include XML DTD-based and schema-based validation techniques. However, more R&D is needed. The Extensible Stylesheet Language Transformations (XSLT), XML Path Language (XPath), Security Assertion Markup Language (SAML), and XML Access Control Language (XACL) are but a few of the XML technologies which appear to have applicability to the controlled interfaces of tomorrow. This effort will focus on: determining if, and where, these technologies can be employed, assessing what the potential security, infrastructure and performance related implications are of their integration into future controlled interfaces, and demonstrating, via one of more prototypes, the use of leading edge XML technology in a guard application.

Keywords:
Xml Guard, Xml Controlled Interface, Xml Content Inspection, Xml Transformation, Xml Signing, Isse Guard

In today’s inter-connected, global community the need for collaborative information sharing between organizations is critical. Release restrictions manifested by document labels such as “Top Secret”, “Secret”, “For Official Use Only”, “For Internal Use Only”, “Law Enforcement Sensitive”, and “Privacy information” impede effective information sharing and limit document collaboration. Documents with these labels must be manually “sanitized” to produce versions which are releasable to a lower classification level or protection domain. Assuming they are edited and returned to the originator, a painstaking process is necessary to integrate these versions back into a single cohesive document. Our approach retains dissimilarly classified portions of a composite document as encrypted blocks within the same document in a format we call the Cross-Domain Meta-Locked Data Format (XMLDF.) As documents are edited and disseminated across domain boundaries, sections designated for release at different levels (via an XML markup scheme) are processed (sanitized and downgraded) automatically. These documents pass a series of checks to verify source, format, integrity, and compliance with release policies in a multi-level security environment. Centralized trust is placed in the XMLDF Authority component which enforces the cross-domain policy set by the security administrator against information labels set by the document creator.

Keywords:
CROSS-DOMAIN META LOCKED DATA FORMAT (XMLDF), CROS