Virtual vaults

The National Security Agency has developed a powerful security system that could make working with classified documents easier and less costly. This system, called NetTop, might prove particularly valuable for GovNet, a proposed secure government network, and other planned homeland security systems, said industry officials and analysts.Developed by the NSA and VMWare Inc., NetTop allows an individual computer to connect simultaneously to networks of different security levels without compromising the safety of any one network.The agency is now seeking integrators to incorporate the new system in their own solutions for other government agencies, said Edouard Bugnion, co-founder and chief architect of VMWare. The Palo Alto, Calif., company developed the solution after signing a cooperative research and development agreement with the agency in January 2001.NetTop may solve a growing problem in many agencies: Government employees having multiple computers in their work areas, each for a different security environment. Multiple workstations for each employee clutter the desk and are unnecessarily costly; yet merging separate environments into one machine jeopardizes security, because there is no proven mechanism to prevent an application in a less secure area from tapping into the more secure one, Bugnion said.To solve this problem, NetTop facilitates multiple sessions on a single computer, establishing virtual "vaults" for each session. Users can have separate virtual computers on one machine and even access them simultaneously, but NetTop controls what data, if any, can be moved from one session to another. This design can be potentially useful in government, particularly in homeland security work, said Martin Dean, a fellow at the Cyberspace Policy Institute, an organization at George Washington University in Washington that studies how policy and computer systems interact.For instance, agencies tasked to share data among themselves for homeland security needs could be assured their information stays secure through NetTop. Also, GovNet, the secure independent network proposed by Bush administration cyberspace security czar Richard Clarke, could be easily implemented on a large scale using NetTop, eliminating the need to purchase GovNet-only computers. NetTop is composed of a number of elements. VMWare provides the software that allows multiple operating systems to run simultaneously on one computer. During last month's FOSE 2002 trade show, VMWare representatives ran demonstrations of how a computer using VMWare software could run two separate operating systems at once, one connected to a public network and the other to a private network. The information from each network is displayed for the user on different windows.To ensure that activity of each operating system remains within its own perimeter, the NetTop design runs the VMWare software on top of Security Enhanced Linux, a modified operating system that was also developed by NSA."An extremely fine-grained, mandatory access control" is implemented in SE Linux, said Peter Loscocco of the information assurance research group at NSA. This control mechanism monitors each process an application initiates, assuring that hackers or even badly written programs can't gain control of the system.SE Linux was also designed to ensure segregation of data, Loscocco said during an SE Linux talk at FOSE. "Data in different areas can't touch one another. This is something operating systems today cannot guarantee," he said. The NetTop design also calls for a chip, sold by Dallas-based Dallas Semiconductor Corp., that is programmed to check for hardware failures, as well as a trusted BIOS chip being developed by NSA. While NSA and VMWare were developing this system, other agencies were independently developing solutions to address the same problems, said Mark Westerman, a senior consultant at the Houston integrator WestCam Inc."I was amazed when I first saw NetTop. It was almost the exact same thing we were doing," Westerman said. WestCam was working for NASA to combine multiple workstations into single units. The company had developed a similar design employing VMware software, but was using another underlying operating system, he said. This, however, wasn't working out, and so when VMWare introduced Westerman to the NetTop design, he switched over the SE Linux. Lockheed Martin Corp., Bethesda Md., also incorporated a similar approach for its $3 billion Consolidated Space Operations Contract at NASA Johnson Space Center. As part of the contract, the company set up a "storefront" program at university campuses where students hired to perform security-sensitive software engineering can use single computers for all their tasks, eliminating the expense of installing new security-hardened boxes just for specialized duties. "Not only could we buy fewer machines, we could also minimize physical network connections while managing our complicated security requirements," said Nancy Patterson, the NASA engineering director for the contract.That there are similar but independent projects "validates the NetTop concept as a viable one," said Westerman. NSA first conceived NetTop as part of its drive to incorporate commercial, off-the-shelf technologies in its systems as a way to reduce costs and ease upgrades. The agency found that many commercial applications weren't up to its security standards, and that it didn't have much influence in prodding these companies to improve these products, according to an article on NetTop in the NSA technology transfer publication Tech Trend Notes.So, NetTop was designed as a safe container in which insecure programs could be executed. Despite the fact that NetTop uses a multilayered operating system approach, performance remains close to that of non-secured systems, according to NSA. The agency released a comparison, done by Air Force Capt. Jordan Cochran, showing Microsoft Corp.'s Windows NT operating system runs at approximately 80 percent of the speed under NetTop as it does without it. "Overall, the performance of the NetTop prototype is quite satisfactory for the typical office application," NSA said.