Cross-domain solutions (CDS) are used to share crucial information across security domains and classification levels. Coordination with coalition partners on the battlefield, communication among intelligence organizations, and joint operations for public safety – all rely on CDS to provide sensitive information to legitimate users and prevent it from falling into the wrong hands.
While traditionally associated with defense and intelligence, the need for CDS is much broader with important applications in avionics, transportation, critical infrastructure, and healthcare. In demanding real-time environments, CDS must work under contested conditions, at machine speed, and on resource-constrained platforms and software systems. Achieving this is a tall order! Many current techniques for developing CDS fall short – they are time consuming, labor intensive, and prone to misconfiguration.
Peraton Labs’ CLOSURE toolchain was created to fill this gap. CLOSURE, which stands for Cross-domain Language-extensions for Optimal SecUre Refactoring and Execution, enables fast, agile development of provably-secure CDS in software. CLOSURE automates the analysis, refactoring, and partitioning of CDS into distributed enclaves. It features automated program rewriting and code generation that dramatically speed up CDS development, lowering costs and shortening development cycles. CLOSURE’s testing and verification guarantee compliance with information assurance requirements for faster deployment of CDS.
Open-source distributions of CLOSURE are available here for C and Java. Keep reading for information on how CLOSURE works and its features and benefits. Contact us at [email protected] to explore how CLOSURE can accelerate your CDS solution development.
How CLOSURE works.
- In the first step of the CLOSURE workflow, software developers annotate application source code, using CLOSURE’s language extensions and overlays, to express security intent in-line with the code. CLOSURE’s program analysis capabilities automatically identify conflicts and provide actionable feedback to guide refactoring. This step produces an optimized program partition, which is correct-by-construction.
- In the next step, CLOSURE automates code generation, compilation, and verification. CLOSURE rewrites the partitioned program, automatically generating artifacts and binary code per enclave. The code is compiled to an intermediate representation (LLVM) for program analysis and verification. This step produces provably-correct source code with guaranteed compliance to CDS requirements.
- The final step is comprehensive pre-deployment testing of the partitioned source code in the CLOSURE emulator. CLOSURE’s emulator supports multiple architectures, including diverse hardware and host architectures (QEMU), and scales to distributed multi-domain scenarios.
CLOSURE Features and Benefits.
- Greatly reduces the effort required by developers, engineers, and accreditors to build and deploy CDS applications, producing considerable savings in cost and time-to-field
- Provides security for embedded systems with resource-constrained modules, where cross-domain protections are critically needed, but challenging to implement
- Supports diverse hardware with multiple link technologies and performance characteristics – network systems, backplane buses, and chip-to-chip interconnects
- Easy-to-use CLOSURE visual interface supports the entire workflow from annotation to testing and is based on the widely-used VSCode platform
- With CLOSURE’s straightforward language extensions, developers use the syntax/semantics of the native language to express security intent in-line with code
- Offers developers the ability to perform what-if analysis and iterative co-design to produce optimized executable products
- CLOSURE is not tied to any one specific language – current distributions are available for C/C++ and Java, and distributions for other languages can be readily developed based on user interest
- Interworks easily with other LLVM toolchains, such as the Intel oneAPI open high-performance computing (HPC) toolchain, for agile development of multi-objective solutions