TSE and Applications

Presented as part of the 2007 HCSS conference.

Abstract

This tutorial will discuss the architecture and implementation of the Trusted Services Engine (TSE) as well as a set of applications built on top of the TSE.

The TSE is a WebDAV server that can be simultaneously attached to networks with different security contexts. When one network’s security level dominates another, the TSE can be configured to provide “read-down”. Preventing unintended data flows (e.g., from lower to higher levels), is enforced by a high assurance software component called the Block Access Controller (BAC).

The tutorial will have two parts: First we will describe the TSE, its software architecture and security design. The architecture discussion will include how the TSE leverages separation properties of the underlying operating system. Next we will describe the properties of the BAC, and the file system we built on top of the BAC. Finally we will describe how we modeled the BAC implementation in Isabelle/HOL, a semi-automated theorem proving system.

In the second part we describe a number of applications we built on top of the TSE. All of these applications share a common security architecture, in that they rely entirely on the TSE for cross-domain information flows. Upon that basic architecture, we have built a cross-domain document collaboration system (the DocServer) that provides the interface of single documents built from content at different security levels. We are also building RSS (Really Simple Syndication) services that enable cross-domain “publish-subscribe” oriented collaboration.