Secure station for special purposes (BSDZS)

  • Project name: Secure station for special purposes (BSDZS)
  • Source of funding: NCRD
  • Project goal: The goal of the project was to develop a secure station for special purposes by integrating currently available virtualisation technologies (both hardware and software). Formal methods were used for ensuring and controlling the confidentiality and integrity of data processing. The methods used included cryptography for securing hard and removable drives (both at the secure system platform and virtual machine level) and user authentication measures.

PROJECT DESCRIPTION:

Developing a secure system platform renders it possible to run several instances of special operating system versions on one machine, ensuring access control, cryptographic protection and strict data flow control. Every instance of a special OS version constitutes a separate security domain. Data can be processed in every domain and assigned different security levels. The security levels can differ in classification (e.g. classified and confidential) or, if they share a classification, the scope of the data processed. The special OS (Linux, Windows) versions are equipped with additional security mechanisms. An important part of the project was an attempt at applying methods of verifying the confidentiality and integrity of data of varying confidentiality levels.

PROJECT RESULTS:

A technologically advanced demo of a secure station for special purposes (hereinafter station), which includes:
  • Secure system platform software
  • Special Windows OS versions and selected Linux/UNIX family OS software in the form of virtual machines
  • Technical and as-is documentation of the station, as well as procedures, recommendations and secure configuration templates
  • Selected cryptographic protection and user authentication solutions

PROJECT PARTICIPANTS:

  • Military University of Technology – Project Leader
  • Military Communication Institute
  • FILBICO
  • NASK (Network and Information Security Methods Team, Research Division)