XML security labels for an exchange of information across domains
The automatic information flow between different security domains or within multi-level security architectures requires data objects to be labelled, i.e. security labels are added to the data objects (e.g. a file or an electronic notification). A security label is a machine-readable set of structured metadata that contains information about the classification of the object and further optional categories.
INFODAS GmbH develops pioneering solutions in the field of the electronic labelling of data objects. Its SDoT Labelling Service® is a flexible labelling component that can, for example, be integrated into existing and future C4ISR systems as a web service.
The SDoT Labelling Service® is required to meet the exacting stipulations of the BSI, such as the successful evaluation under CC EAL4+ for deployment up to a classification of SECRET.
- Label generation
The SDoT Labelling Service® generates XML security labels based on the specifications of the corresponding data objects. The security label is securely linked to the data object via a digital signature which guarantees the integrity and authenticity of the data.
- Label verification
The SDoT Labelling Service® checks the integrity and validity of the security labels by verifying the digital signature and validating them against predefined security policies. The system can also read out the attributes of a security label.
- Configuration and management
The SDoT Labelling Service® can be configured in line with clients’ wishes and stipulations. These may include, for instance, settings for the encryption and hash algorithms and the security policy used.
- Can be easily integrated into existing environments
- Bolsters cyber-defence capabilities
- Supports interoperability between different military organisations and their partners
- The security labels comply with the recommendations of the NATO Research Task Group on XML in Cross Domain Security Solutions (IST-068/RTG-031) and the IEG Road Map. This relates to the specification regarding the XML confidentiality label and metadata binding.
- The SDoT® Security Gateway product, which is used at INFODAS GmbH’s domain transitions, in conjunction with the SDoT Labelling Service®, is a high-performance, coordinated solution that can be flexibly customised in line with the specific operational deployment environment.
- The SDoT Labelling Service® is deployed operationally in a range of different projects and has already proven its effectiveness in many situations.
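
The label generation and verification steps described above, as an added sketch that is not INFODAS code or the SDoT Labelling Service® API. The element names, level ordering, policy name and key are constructed for illustration, and a standard-library HMAC stands in for the digital signature that binds label and data object.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]  # constructed ordering
KEY = b"demo-key-not-for-production"  # constructed; HMAC stands in for a signature key
BOUND_FIELDS = ("Policy", "Classification", "ObjectDigest")  # hypothetical element names


def _bound_bytes(label: ET.Element) -> bytes:
    # Unambiguous encoding of every field the binding value must cover.
    return json.dumps([label.findtext(tag, "") for tag in BOUND_FIELDS]).encode()


def generate_label(data: bytes, policy: str, classification: str, key: bytes = KEY) -> str:
    """Build a label whose binding covers the metadata and the object's SHA-256 digest."""
    label = ET.Element("SecurityLabel")
    ET.SubElement(label, "Policy").text = policy
    ET.SubElement(label, "Classification").text = classification
    ET.SubElement(label, "ObjectDigest").text = hashlib.sha256(data).hexdigest()
    mac = hmac.new(key, _bound_bytes(label), hashlib.sha256).hexdigest()
    ET.SubElement(label, "Binding").text = mac
    return ET.tostring(label, encoding="unicode")


def verify_label(label_xml: str, data: bytes, policy: str, max_level: str,
                 key: bytes = KEY) -> str:
    """Return 'release', or the reason the object must not cross the domain boundary."""
    try:
        label = ET.fromstring(label_xml)
    except ET.ParseError:
        return "reject: malformed label"
    # 1. Integrity and authenticity of the label itself.
    expected = hmac.new(key, _bound_bytes(label), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), label.findtext("Binding", "").encode()):
        return "reject: label integrity check failed"
    # 2. The label must belong to this exact data object.
    if label.findtext("ObjectDigest") != hashlib.sha256(data).hexdigest():
        return "reject: label is not bound to this object"
    # 3. Validation against the policy of the target domain.
    level = label.findtext("Classification")
    if label.findtext("Policy") != policy or level not in LEVELS:
        return "reject: unknown policy or classification"
    if LEVELS.index(level) > LEVELS.index(max_level):
        return "reject: classification exceeds target domain"
    return "release"
```

The order of the checks matters: the classification is only trusted after the binding and the object digest have both been verified, so a label whose classification was edited in transit is rejected before any policy decision is made.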