Saturday, November 27, 2010

High Assurance Platform Criteria

The National Security Agency (NSA) has released HAPR1, the first release of its High Assurance Platform (HAP) program, which offers a multi-security-level workstation solution. It provides simultaneous access to multiple networks of different security levels through virtual machines running on the same physical platform, and thereby keeps the security domains separated so that no information flows between them. The HAPR1 workstation and the network security levels range from either Unclassified to Secret or Secret/Releasable to Top Secret/SCI.

Hardware-assisted virtualization improves on traditional software-only virtualization. Because the processor takes over much of the work, the controlling software (the hypervisor) becomes smaller, less complex, and spends less time mediating guest execution. This permits a more streamlined hypervisor with "near native" performance while providing stronger separation between the virtual machines.

HAPR1 uses the hardware-assisted virtualization services of the microprocessor to manage multiple virtual machine execution environments and to enforce separation between them. Each virtual machine can then host a guest operating system at a different security level.

Operational Description
HAPR1 supports the execution of multiple guest operating systems running concurrently on a single physical machine. It allows these guest operating systems to be connected to networks with different security levels. To accomplish this, HAPR1 utilizes hardware-assisted Virtual Machine (VM) technology to provide logically separated and isolated virtual machine (VM) execution environments. Each VM hosted on the physical platform is able to connect to a single-level, system-high network. Individual VMs can run supported guest operating systems without modification (i.e., right out of the box); each instance of the operating system (OS) runs as if it were the only OS in the computer.

HAPR1 displays each guest operating system in its own window. To accomplish this, HAPR1 provides a window manager together with a dedicated execution environment in which that window manager runs. The illustration below shows an example screenshot of a HAPR1 instance running two virtual machines, each running Microsoft Windows XP Professional as the guest operating system in its own virtual machine window.


HAPR1 is intended for use in National Security Systems and is configured to allow access to multiple system-high networks of different security levels, ranging from either Unclassified to Secret/Releasable or Secret/Releasable to Top Secret/SCI, in a physically protected environment. The platform is authorized to run in one of the following configurations:

HAPR1 is connected to one or more single-level networks within a protected enclave, in either of two ways:

1. Multiple Network Interface Cards (NICs), with a separate single-level NIC required for each security level.
2. A single NIC, when NSA/IAD-approved network encryption components are used.
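The separation rules stated above (one single-level network per guest, guest and network at the same level, one security level per physical NIC unless an approved encryption component fronts the NIC) lend themselves to a mechanical configuration check. The following Python script is an added example and is not NSA's code or part of the HAP documents; the platform data model, the field names such as `encrypted_uplink`, and the sample configurations are assumptions made for illustration.

```python
"""Added example (not NSA's code): a checker for the HAP-style separation rules
described on this page.  The data model below is an assumption for illustration.

Rules encoded, taken from the page text:
  1. Each guest VM attaches to exactly one single-level, system-high network.
  2. A guest's security level must match the level of the network it attaches to.
  3. A physical NIC carries one security level only, unless it sits behind an
     approved network-encryption component (modelled here as encrypted_uplink).
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Network:
    name: str
    level: str  # e.g. "UNCLASSIFIED", "SECRET", "SECRET_REL", "TS_SCI"


@dataclass
class Nic:
    name: str
    encrypted_uplink: bool = False  # True only behind an approved encryptor (assumption)


@dataclass
class VM:
    name: str
    level: str
    networks: List[str]  # names of the networks the guest is wired to
    nic: str             # physical NIC the guest's traffic leaves on


@dataclass
class Platform:
    networks: Dict[str, Network]
    nics: Dict[str, Nic]
    vms: List[VM]


def check_platform(p: Platform) -> List[str]:
    """Return human-readable findings; an empty list means the rules hold."""
    findings: List[str] = []
    nic_levels: Dict[str, Set[str]] = {}  # levels observed on each physical NIC
    for vm in p.vms:
        if vm.nic not in p.nics:
            findings.append(f"{vm.name}: unknown NIC {vm.nic}")
        if len(vm.networks) != 1:  # rule 1: exactly one single-level network
            findings.append(f"{vm.name}: wired to {len(vm.networks)} networks; "
                            "exactly one single-level network is allowed")
        for net_name in vm.networks:
            net = p.networks.get(net_name)
            if net is None:
                findings.append(f"{vm.name}: unknown network {net_name}")
                continue
            if net.level != vm.level:  # rule 2: guest level == network level
                findings.append(f"{vm.name} ({vm.level}) is wired to {net.name} "
                                f"({net.level}); guest and network levels must match")
            nic_levels.setdefault(vm.nic, set()).add(net.level)
    for nic_name, levels in nic_levels.items():  # rule 3: one level per NIC
        nic = p.nics.get(nic_name)
        if nic is not None and len(levels) > 1 and not nic.encrypted_uplink:
            findings.append(f"NIC {nic_name} carries {sorted(levels)}; one NIC per "
                            "level is required unless an approved encryption component is used")
    return findings


# --- constructed sample configurations (not real HAP deployments) ---
_NETS = {"NIPR": Network("NIPR", "UNCLASSIFIED"), "SIPR": Network("SIPR", "SECRET")}


def two_nic_platform() -> Platform:
    """Compliant: a dedicated single-level NIC per security level."""
    return Platform(_NETS, {"eth0": Nic("eth0"), "eth1": Nic("eth1")},
                    [VM("vm_u", "UNCLASSIFIED", ["NIPR"], "eth0"),
                     VM("vm_s", "SECRET", ["SIPR"], "eth1")])


def single_encrypted_nic_platform() -> Platform:
    """Compliant: one NIC shared by two levels behind an approved encryptor."""
    return Platform(_NETS, {"eth0": Nic("eth0", encrypted_uplink=True)},
                    [VM("vm_u", "UNCLASSIFIED", ["NIPR"], "eth0"),
                     VM("vm_s", "SECRET", ["SIPR"], "eth0")])


def misconfigured_platform() -> Platform:
    """Violates all three rules: shared plain NIC, dual-homed guest, level mismatch."""
    return Platform(_NETS, {"eth0": Nic("eth0")},
                    [VM("vm_u", "UNCLASSIFIED", ["NIPR"], "eth0"),
                     VM("vm_s", "SECRET", ["SIPR"], "eth0"),
                     VM("vm_bad", "SECRET", ["NIPR", "SIPR"], "eth0")])


if __name__ == "__main__":
    for build in (two_nic_platform, single_encrypted_nic_platform, misconfigured_platform):
        print(build.__name__, check_platform(build()) or "OK")
```

Running the script prints "OK" for the two compliant configurations and three findings for the misconfigured one: the dual-homed guest, the Unclassified network wired into a Secret guest, and the plain NIC carrying two levels.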

SUMMARY
HAPR1 is part of the NSA Computing Platform Architecture and Security Criteria (CPC), a set of documents that formally define the computing platform architecture, the platform components, and the computing platform instances. The CPC is the basis against which product developers can demonstrate component-level or component-set-level compliance of their products, and system integrators can demonstrate platform-level compliance of the platforms they integrate.

Text of this blog largely extracted from http://www.nsa.gov/ia/programs/h_a_p/releases/hapr1.shtml and from http://www.nsa.gov/ia/programs/h_a_p/computing_platform_architecture_and_security_criteria/index.shtml 


For comments please e-mail paul@strassmann.com