High Assurance Guard
A High Assurance Guard is a Multilevel security computer device which is used to communicate between different Security Domains, such as NIPRNet to SIPRNet. A HAG is one example of a Controlled Interface between security levels. HAGs are approved through the Common Criteria process.
Operation
A HAG runs multiple virtual machines or physical machines: one or more subsystems for the lower classification, and one or more subsystems for the higher classification. The hardware runs a type of Knowledge Management software that examines data coming out of the higher classification subsystem and rejects any data that is classified higher than the lower classification. In general, a HAG allows lower classified data that resides on a higher classified system to be moved to another lower classified system. For example, in the US, it would allow unclassified information residing on a Secret classified system to be moved to another Unclassified system. Through various rules and filters, the HAG ensures that data is of the lower classification and then allows the transfer.
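An added illustration of the release check described above (not code from any actual guard product): a minimal Python filter that rejects a message unless its header label and every portion mark in the body are at or below the destination level. The message format, the function name `release_decision` and the sample messages are assumptions constructed for this example.

```python
import re
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Assumed message format (constructed for this example): a header line
# "Classification: <LEVEL>" followed by body lines that may carry
# portion marks such as (U), (C), (S), (TS).
HEADER = re.compile(r"^Classification:\s*([A-Z_ ]+)$")
PORTION = re.compile(r"\((U|C|S|TS)\)")
PORTION_LEVEL = {"U": Level.UNCLASSIFIED, "C": Level.CONFIDENTIAL,
                 "S": Level.SECRET, "TS": Level.TOP_SECRET}

def release_decision(message: str, destination: Level) -> tuple[bool, str]:
    """Decide whether a high-side message may be moved to `destination`."""
    lines = message.strip().splitlines()
    match = HEADER.match(lines[0].strip()) if lines else None
    if not match:
        return False, "no parseable label"       # fail closed on unlabeled data
    name = match.group(1).strip().replace(" ", "_")
    if name not in Level.__members__:
        return False, "unknown label"
    if Level[name] > destination:
        return False, "label exceeds destination"
    # Content filter: the body must not contradict the header label.
    for line in lines[1:]:
        for mark in PORTION.findall(line):
            if PORTION_LEVEL[mark] > destination:
                return False, "portion mark exceeds destination"
    return True, "released"

# Constructed sample messages, not real traffic.
SAMPLES = {
    "clean": "Classification: UNCLASSIFIED\n(U) Meeting moved to 1400.\n",
    "high": "Classification: SECRET\n(S) Constructed sample paragraph.\n",
    "mislabeled": "Classification: UNCLASSIFIED\n(U) Agenda.\n(S) Constructed.\n",
    "unlabeled": "(U) No header line here.\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, release_decision(text, Level.UNCLASSIFIED))
```

The mislabeled sample is the case the rules and filters exist for: the header claims the lower classification, but the body carries a higher portion mark, so the transfer is refused.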
On the application layer, the HAG runs an "evaluated mandatory integrity policy" that provides sensitive files, data and applications protection from inadvertent disclosure. At the operating system level, the HAG must have a multi-level kernel that ensures sensitive information, processes, and devices stored and running on the system at different sensitivity levels cannot intermingle in violation of the system's mandatory security model.
The systems are certified via the Common Criteria; depending on the classification, the system may require Common Criteria Evaluated Assurance Level (EAL) 3 or higher. For example, in the US, an evaluation at the EAL 5 or EAL 5+ (EAL 5 Augmented) or higher is required to export from a Secret domain to an Unclassified domain.
Some manufacturers may use "Trusted Computer System" or "Trusted Applications with High Assurance" as an equivalent term to HAG.
Importance, risks
The HAG is mostly used in email and DMS (Defense Message System) environments, as certain organizations may only have unclassified network access, and they need to send a message to an organization that has only secret network access. The HAG provides them this ability.
External links
- http://www.deep-secure.com/
- http://www.commoncriteriaportal.org/
- http://csrc.nist.gov/
- http://www.nsa.gov/