Additional Capabilities A number of useful capabilities are included in the pr

[admin]

Additional Capabilities
A number of useful capabilities
are included in the prototypes that
were not described in the NetTop
overview. The entire file system on
the hard disk is encrypted in order
to protect against compromise if the
machine is lost or stolen. The
"International Patch" for Linux was
installed, which provides software
encryption capabilities and services
under the control of the Trusted
Linux host OS. The hard disk
encryption is transparent to all
VMs. Additionally, this disk
encryption cannot be corrupted or
bypassed by an VM. A process was
developed that uses a floppy disk
and a user entered PIN to "boot-
strap" the decryption and loading of
system files from the hard disk.
Performance
Real-world performance deter-
mines any technology's acceptance.
NetTop's architecture includes a lot
of functionality in a single hard-
ware platform, yet the performance
is quite acceptable. The laptop com-
7
Fall 2000
Research & Advanced Technology Publication
 

 
Future Development
 Conclusion
 • IPSec modifications for NetTop
protocols
The NetTop proof-of-concept has
• User friendly interfaces
The Information Assurance
demonstrated an architecture that
appears to have significant promise
for information assurance applica-
tions. In its current form, however, it
is unsuitable for widespread use and
requires considerable refinement.
Our research has uncovered a num-
ber of shortcomings in current tech-
nology that need to be addressed.
Additionally, important topics still
must be investigated. Areas requir-
ing further development are:
Research Office has responded to
the NSA Advisory Board's challenge
with the NetTop proof-of-concept.
The novel architecture builds upon
COTS technology, fortifies it with
GOTS components, and provides a
combination with the potential to be
securely used for sensitive applica-
tions. It also addresses other impor-
tant concerns, and provides a frame-
work for useful extensions. NetTop
depends heavily upon the isolation
capabilities provided by the Trusted
Linux/VMM combination. The
robustness of the approach still
requires a comprehensive security
evaluation.
The set of capabilities identified
as NetTop extensions - Failure
Detection Server, Regrade Server,
and Coalition Management Server -
suggests an expansion of the security
services typically considered as part
of a Security Management
Infrastructure. The integration of
these services with traditional key
and certificate management services
may deserve a separate investigation
to develop a concept for a more
comprehensive security infrastruc-
ture.
• Identification & Authentication
Architecture
• Biometric activation technique
• Key & certificate management
• Filtering Router management
• Un-spoofable labels for MSL
Development of the NetTop pro-
 TTN
totype is continuing. Some of the
concepts previously described
including a Regrade Server, thin-
clients, and coalition support will be
integrated as each is developed.
Donald Simard is the Technical
windows
Director for the System and Network
Attack Center and has been with the
Agency since 1979. The majority of
his work has been in the Information
• Trusted VM switching mechanism
• Installation & configuration wizards
Systems Security Organization.
He is a Master in the INFOSEC
Technical Track and has a
Masters Degree in Computer
Science.
Robert Meushaw is
Technical Director for the
Information Assurance
Research Office. He joined the
Agency in 1973 with BS and MS
degrees in Electrical
Engineering. Mr. Meushaw had
a long career in the Information
Systems Security Organization
prior to his current position. He
is a Master in the Computer
Systems Technical Track.
A very simple NetTop configuration with only one user Virtual Machine can provide
a very useful feature - media encryption - which could not otherwise be done with
a high-level of confidence. Since the host operating system does not run
applications software, it is protected from virus attacks and other malicious software
that might corrupt the user VM. With the media encryption function embedded in
the host OS, all of the files on the hard disk can be encrypted transparently to the
user OS. The user OS cannot bypass the cryptography that is protecting the media.