Did the U.S. Navy patent the firewall? Not exactly.

Mon, Jul 17, 2006

Industry News, Uncategorized

The title of a post on Bruce Schneier’s blog really caught my attention: the Navy had applied for a patent on what looked like a network firewall. Slashdot picked the story up as well. As it turns out, that is probably not the case, at least not in the way most of us think of a firewall. Here is an excerpt from the patent application.

“In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust.”

Sure sounds like a network firewall, doesn’t it? In many respects it is, but for a different type of network. This patent apparently deals with the classification of data (Top Secret, Secret, etc.) and with restricting that data to systems designed to handle a given classification. So rather than blocking a packet based on its destination IP address or port, this type of firewall would block Top Secret information from getting onto a Secret or unclassified network. Keeping this kind of segregation in place while still providing timely and reliable access to the different classifications of data is a challenge.

As an Intelligence Analyst I can remember having no fewer than 4 systems that I used: one for Top Secret, one for Secret, one for unclassified, and one for the public internet. Technically there was a 5th system inside Top Secret that was used for SCI access. Now imagine your job is to collect data from various sources and produce a report. Having to work on multiple systems while trying to track references was a hassle. The NSA and other agencies have been working with virtualization technologies so that an analyst can sit in front of one system and have access to the various levels of classified information. Think of it as having a VMware virtual machine guest image for each of the classified systems and a host machine to run them all. Data leakage between the VMs is an area of great concern. This is where the mentioned patent could come in.
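To make the separation rule concrete, here is an added example that is not from the patent, from Tenix, or from any agency system. It models the post's four workstations (plus the SCI compartment inside Top Secret) as labels in a lattice and allows a transfer between two domains only when the destination label dominates the source label, which is the classic "no write down" rule that keeps Top Secret data off a Secret or unclassified network. The domain names, the PUBLIC level for the internet, and the ordering of the levels are assumptions made for the example:

```python
"""Label-based flow control between networks of different trust.

Added illustration (not the patent's method or any vendor's product): a
hierarchical classification level plus a set of compartments (e.g. SCI)
forms a lattice. Information may flow from a source domain to a
destination domain only if the destination label dominates the source
label in both dimensions.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple

# Hierarchical levels, lowest to highest trust. Constructed ordering
# following the four systems named in the post; PUBLIC stands for the
# public internet, below the controlled unclassified network.
LEVELS = {"PUBLIC": 0, "UNCLASSIFIED": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if self is at least as trusted as other: higher-or-equal
        level AND a superset of the other's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def flow_allowed(src: Label, dst: Label) -> bool:
    """Data may move from src to dst only if dst dominates src.
    Equal labels always pass; a downgrade never does."""
    return dst.dominates(src)


# Constructed domains mirroring the post's workstations. SCI is modelled
# as a compartment inside TOP SECRET, so plain TOP SECRET does not
# dominate it and SCI material cannot leak to the TOP SECRET guest.
DOMAINS = {
    "internet": Label("PUBLIC"),
    "unclass": Label("UNCLASSIFIED"),
    "secret": Label("SECRET"),
    "ts": Label("TOP SECRET"),
    "ts_sci": Label("TOP SECRET", frozenset({"SCI"})),
}


def check_transfer(src_name: str, dst_name: str) -> str:
    """Decide one requested transfer between named domains."""
    src, dst = DOMAINS[src_name], DOMAINS[dst_name]
    verdict = "ALLOW" if flow_allowed(src, dst) else "DENY"
    return f"{verdict} {src_name} -> {dst_name}"


def audit(transfers: Iterable[Tuple[str, str]]) -> Tuple[List[str], List[str]]:
    """Evaluate a batch of requested transfers; return (allowed, denied)
    decision strings, the kind of record a guard would write to its log."""
    allowed, denied = [], []
    for src_name, dst_name in transfers:
        decision = check_transfer(src_name, dst_name)
        (allowed if decision.startswith("ALLOW") else denied).append(decision)
    return allowed, denied


if __name__ == "__main__":
    # Constructed sample of transfers an analyst's host might request.
    requests = [
        ("internet", "unclass"),   # pulling open-source material up: fine
        ("secret", "ts"),          # reading Secret material on TS: fine
        ("ts", "secret"),          # Top Secret down to Secret: blocked
        ("ts_sci", "ts"),          # SCI to plain TS: blocked (compartment)
        ("ts", "ts_sci"),          # TS into the SCI enclave: fine
        ("ts", "internet"),        # anything classified to the internet: blocked
    ]
    ok, bad = audit(requests)
    print("\n".join(ok + bad))
```

The one-way rule is the whole of what this guard enforces; moving a finished report back down to a lower domain is a deliberate downgrade that real cross-domain systems route through a separate, reviewed release path rather than through the automatic check above.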

Funny thing though: there are other companies, such as Tenix, that already do this. I would have thought for sure there would be some prior art found when researching this patent application.

–Chris


This post was written by:

Chris Harrington - who has written 153 posts on InfoSecPodcast.com.

