The XTS-400 is a
multilevel
Multilevel or multi-level may refer to:
* A hierarchy, a system where items are arranged in an "above-below" relation.
* A system that is composed of several layers.
* Bombardier MultiLevel Coach, a passenger rail car by Bombardier.
See also < ...
secure computer
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. It is
multiuser
Multi-user software is computer software that allows access by multiple users of a computer. Time-sharing systems are multi-user systems. Most batch processing systems for mainframe computers may also be considered "multi-user", to avoid leaving t ...
and
multitasking that uses multilevel scheduling in processing data and information. It works in networked environments and supports
Gigabit Ethernet
In computer networking, Gigabit Ethernet (GbE or 1 GigE) is the term applied to transmitting Ethernet frames at a rate of a gigabit per second. The most popular variant, 1000BASE-T, is defined by the IEEE 802.3ab standard. It came into use i ...
and both
IPv4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version de ...
and
IPv6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
.
The XTS-400 is a combination of
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
x86
x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...
hardware and the Secure Trusted Operating Program (STOP)
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. XTS-400 was developed by
BAE Systems
BAE Systems plc (BAE) is a British multinational arms, security, and aerospace company based in London, England. It is the largest defence contractor in Europe, and ranked the seventh-largest in the world based on applicable 2021 revenues. ...
, and originally released as version 6.0 in December 2003.
STOP provides ''high-assurance'' security and was the first general-purpose operating system with a
Common Criteria
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5.
Common Criteria ...
assurance level rating of EAL5 or above. The XTS-400 can host, and be trusted to separate, multiple, concurrent data sets, users, and networks at different sensitivity levels.
The XTS-400 provides both an ''untrusted'' environment for normal work and a
trusted environment for administrative work and for privileged applications. The untrusted environment is similar to traditional
Unix
Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
environments. It provides binary compatibility with
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
applications running most Linux commands and tools as well as most Linux applications without the need for recompiling. This untrusted environment includes an
X Window System
The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems.
X provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting wit ...
GUI
The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...
, though all windows on a screen must be at the same sensitivity level.
To support the trusted environment and various security features, STOP provides a set of proprietary
API
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
s to applications. In order to develop programs that use these proprietary
APIs, a special software development environment (SDE) is needed. The SDE is also needed in order to port some complicated Linux/Unix applications to the XTS-400.
A new version of the STOP operating system, STOP 7 has since been introduced, with claims to have improved performance and new features such as
RBAC
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control ( ...
.
Uses
As a high-assurance,
MLS
Major League Soccer (MLS) is a men's professional soccer league sanctioned by the United States Soccer Federation, which represents the sport's highest level in the United States. The league comprises 29 teams—26 in the U.S. and 3 in Canada ...
system, XTS-400 can be used in
cross-domain solution
A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of ...
s, which typically need a piece of privileged software to be developed which can temporarily circumvent one or more security features in a controlled manner. Such pieces are outside the CC evaluation of the XTS-400, but they can be accredited.
The XTS-400 can be used as a desktop, server, or network gateway. The interactive environment, typical Unix
command line tools, and a GUI are present in support of a desktop solution. Since the XTS-400 supports multiple, concurrent network connections at different sensitivity levels, it can be used to replace several
single-level desktops connected to several different networks.
In support of server functionality, the XTS-400 can be implemented in a
rackmount
A 19-inch rack is a standardized frame or enclosure for mounting multiple electronic equipment modules. Each module has a front panel that is wide. The 19 inch dimension includes the edges or "ears" that protrude from each side of the equ ...
configuration, accepts an
uninterruptible power supply
An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A UPS differs from an auxiliary or emergency power system ...
(UPS), allows multiple network connections, accommodates many
hard disk
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnet ...
s on a
SCSI
Small Computer System Interface (SCSI, ) is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical, optical and logical interface ...
subsystem (also saving disk blocks using a ''sparse file'' implementation in the
file system
In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
), and provides a trusted backup/save tool. Server software, such as an Internet daemon, can be ported to run on the XTS-400.
A popular application for high-assurance systems like the XTS-400 is to guard information flow between two networks of differing security characteristics. Several customer guard solutions are available based on XTS systems.
Security
XTS-400 version 6.0.E completed a Common Criteria (CC) evaluation in March 2004 at EAL4 augmented with ALC_FLR.3 (validation report CCEVS-VR-04-0058.) Version 6.0.E also conformed with the protection profiles entitled Labeled Security Protection Profile (LSPP) and
Controlled Access Protection Profile The Controlled Access Protection Profile, also known as CAPP, is a Common Criteria security profile that specifies a set of functional and assurance requirements for information technology products. Software and systems that conform to CAPP standard ...
(CAPP), though both profiles are surpassed in functionality and assurance.
XTS-400 version 6.1.E completed evaluation in March 2005 at EAL5 augmented with ALC_FLR.3 and ATE_IND.3 (validation report CCEVS-VR-05-0094), still conforming to the LSPP and CAPP. The EAL5+ evaluation included analysis of covert channels and additional vulnerability analysis and testing by the
National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
.
XTS-400 version 6.4.U4 completed evaluation in July 2008 at EAL5 augmented with ALC_FLR.3 and ATE_IND.3 (validation report CCEVS-VR-VID10293-2008), also still conforming to the LSPP and CAPP. Like its predecessor, it also included analysis of covert channels and additional vulnerability analysis and testing by the
National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
.
The official postings for all the XTS-400 evaluations can be seen on the Validated Product List.
The main security feature that sets STOP apart from most operating systems is the mandatory sensitivity policy. Support for a mandatory integrity policy, also sets STOP apart from most
MLS
Major League Soccer (MLS) is a men's professional soccer league sanctioned by the United States Soccer Federation, which represents the sport's highest level in the United States. The league comprises 29 teams—26 in the U.S. and 3 in Canada ...
or trusted systems. While a sensitivity policy deals with preventing unauthorized disclosure, an integrity policy deals with preventing unauthorized deletion or modification (such as the damage that a
virus
A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea.
Since Dmitri Ivanovsky's 1 ...
might attempt). Normal (i.e., untrusted) users do not have the ''discretion'' to change the sensitivity or integrity levels of objects. The
Bell–LaPadula and
Biba
Biba was a London fashion store of the 1960s and 1970s. Biba was started and primarily run by the Polish-born Barbara Hulanicki with help of her husband Stephen Fitz-Simon.
Early years
Biba's early years were rather humble, with many of the ou ...
formal models are the basis for these policies.
Both the sensitivity and integrity policies apply to all users and all objects on the system. STOP provides 16 hierarchical sensitivity levels, 64 non-hierarchical sensitivity categories, 8 hierarchical integrity levels, and 16 non-hierarchical integrity categories. The mandatory sensitivity policy enforces the
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
Department of Defense Department of Defence or Department of Defense may refer to:
Current departments of defence
* Department of Defence (Australia)
* Department of National Defence (Canada)
* Department of Defence (Ireland)
* Department of National Defense (Philipp ...
data sensitivity classification model (i.e., "Unclassified," "Secret," "Top Secret"), but can be configured for commercial environments.
Other security features include:
* Identification and
authentication
Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...
, which forces users to be uniquely identified and authenticated before using any system services or accessing any information; the user's identification is used for access control decisions and for accountability via the auditing mechanism;
*
Discretionary access control
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to w ...
(DAC), which appears just as in
Unix
Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
, including the presence of
access control list
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on giv ...
s on every object; the set-id function is supported in a controlled fashion;
* A mandatory ''subtype'' policy, which allows some of the functionality of trusted systems which support a full ''type enforcement'' or ''domain-type enforcement'' policy;
* Auditing of all security-relevant events and trusted tools to allow administrators to detect and analyze potential security violations;
*
Trusted path A trusted path or trusted channel is a mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated.
...
, which allows a user to be sure s/he is interacting directly with the ''trusted security functions'' (TSF) during sensitive operations; this prevents, for example, a
Trojan horse
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
from
spoofing the login process and stealing a user's password;
* Isolation of the operating system code and data files from the activity of untrusted users and processes which, in particular, prevents
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
from corrupting or otherwise affecting the system;
* Separation of processes from one another (so that one process/user cannot tamper with the internal data and code of another process);
*
Reference monitor
In operating systems architecture a reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects' (e.g., processes and users) ability to perform operations ...
functionality, so that no access can bypass scrutiny by the operating system;
* Strong separation of administrator, operator, and user roles using the mandatory integrity policy;
* Residual information (i.e., object reuse) mechanisms to prevent data scavenging;
* Trusted, evaluated tools for configuring the system, managing security-critical data, and repairing file systems;
* Self-testing of security mechanisms, on demand;
* Exclusion of higher layer network services from the TSF, so that the TSF is not susceptible to the publicly known vulnerabilities in those services.
STOP comes in only a single package, so that there is no confusion about whether a particular package has all security features present. Mandatory policies cannot be disabled. Policy configuration does not require a potentially complicated process of defining large sets of domains and data types (and the attendant access rules).
To maintain the trustworthiness of the system, the XTS-400 must be installed,
booted, and configured by trusted personnel. The site must also provide
physical protection of the hardware components. The system, and software upgrades, are shipped from BAE Systems in a secure fashion.
For customers who want them, XTS-400 supports a
Mission Support Cryptographic Unit
Mission (from Latin ''missio'' "the act of sending out") may refer to:
Organised activities Religion
*Christian mission, an organized effort to spread Christianity
*Mission (LDS Church), an administrative area of The Church of Jesus Christ of ...
(MSCU) and
Fortezza
Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.
Ea ...
cards. The MSCU performs
''type 1'' cryptography and has been separately scrutinized by the
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
.
Hardware
The CC evaluation forces particular
hardware to be used in the XTS-400. Though this places restrictions on the hardware configurations that can be used, several configurations are possible. The XTS-400 uses only standard PC,
commercial off-the-shelf
Commercial off-the-shelf or commercially available off-the-shelf (COTS) products are packaged or canned (ready-made) hardware or software, which are adapted aftermarket to the needs of the purchasing organization, rather than the commissioning of ...
(COTS) components, except for an optional
Mission Support Cryptographic Unit
Mission (from Latin ''missio'' "the act of sending out") may refer to:
Organised activities Religion
*Christian mission, an organized effort to spread Christianity
*Mission (LDS Church), an administrative area of The Church of Jesus Christ of ...
(MSCU).
The hardware is based on an Intel
Xeon
Xeon ( ) is a brand of x86 microprocessors designed, manufactured, and marketed by Intel, targeted at the non-consumer workstation, server, and embedded system markets. It was introduced in June 1998. Xeon processors are based on the same arc ...
(
P4)
central processing unit
A central processing unit (CPU), also called a central processor, main processor or just processor, is the electronic circuitry that executes instructions comprising a computer program. The CPU performs basic arithmetic, logic, controlling, an ...
(CPU) at up to 2.8 GHz speeds, supporting up to 2 GB of main memory.
A
Peripheral Component Interconnect
Peripheral Component Interconnect (PCI) is a local computer bus for attaching hardware devices in a computer and is part of the PCI Local Bus standard. The PCI bus supports the functions found on a processor bus but in a standardized format th ...
(PCI) bus is used for add-in cards such as
Gigabit Ethernet
In computer networking, Gigabit Ethernet (GbE or 1 GigE) is the term applied to transmitting Ethernet frames at a rate of a gigabit per second. The most popular variant, 1000BASE-T, is defined by the IEEE 802.3ab standard. It came into use i ...
. Up to 16 simultaneous
Ethernet
Ethernet () is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...
connections can be made, all of which can be configured at different mandatory security and integrity levels.
A
SCSI
Small Computer System Interface (SCSI, ) is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical, optical and logical interface ...
subsystem is used to allow a number of high-performance peripherals to be attached. One SCSI peripheral is a
PC Card
In computing, PC Card is a configuration for computer parallel communication peripheral interface, designed for laptop computers. Originally introduced as PCMCIA, the PC Card standard as well as its successors like CardBus were defined and devel ...
reader that can support
Fortezza
Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.
Ea ...
. Multiple
SCSI host adapter
A SCSI host adapter is a device used to connect one or more other SCSI devices to a computer bus. It is commonly called a SCSI controller, which is not strictly correct as any component understanding the SCSI protocol can be called a controller. ...
s can be included.
History
The XTS-400 has been preceded by several evaluated ancestors, all developed by the same group: Secure Communications Processor (SCOMP), XTS-200, and XTS-300. All of the predecessor products were evaluated under
Trusted Computer System Evaluation Criteria
Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCS ...
(TCSEC) (a.k.a.
Orange Book) standards. SCOMP completed evaluation in 1984 at the highest functional and assurance level then in place: A1. Since then the product has evolved from proprietary hardware and interfaces to commodity hardware and Linux interfaces.
The XTS-200 was designed as a general-purpose operating system supporting a
Unix-like
A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
application and user environment. XTS-200 completed evaluation in 1992 at the B3 level.
The XTS-300 transitioned from proprietary, mini-computer hardware to COTS, Intel x86 hardware. XTS-300 completed evaluation in 1994 at the B3 level. XTS-300 also went through several ratings maintenance cycles (a.k.a. RAMP), very similar to an ''assurance continuity'' cycle under CC, ultimately ending up with version 5.2.E being evaluated in 2000.
Development of the XTS-400 began in June 2000. The main customer-visible change was specific conformance to the
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
API
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
. Though the security features of the XTS system put some restrictions on the API and require additional, proprietary interfaces, conformance is close enough that most applications will run on the XTS without recompilation. Some security features were added or improved as compared to earlier versions of the system and performance was also improved.
As of July 2006, enhancements continue to be made to the XTS line of products.
On September 5, 2006, the
United States Patent Offices granted BAE Systems Information Technology, LLC. United States Patent # 7,103,914 "Trusted computer system".
Architecture
STOP is a
monolithic kernel
A monolithic kernel is an operating system architecture where the entire operating system is working in kernel space. The monolithic model differs from other operating system architectures (such as the microkernel architecture) in that it alone ...
operating system (as is Linux). Though it provides a Linux-compatible API, STOP is not derived from
Unix
Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
or any
Unix-like
A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
system. STOP is highly layered, highly modularized, and relatively compact and simple. These characteristics have historically facilitated high-assurance evaluations.
STOP is layered into four ''rings'' and each ring is further subdivided into layers. The innermost ring has hardware privilege and applications, including privileged commands, run in the outermost. The inner three rings constitute the ''
kernel
Kernel may refer to:
Computing
* Kernel (operating system), the central component of most operating systems
* Kernel (image processing), a matrix used for image convolution
* Compute kernel, in GPGPU programming
* Kernel method, in machine learnin ...
''. Software in an outer ring is prevented from tampering with software in an inner ring. The kernel is part of every process's
address space
In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity.
For software programs to save and retrieve st ...
and is needed by both normal and privileged processes.
A ''
security kernel
In telecommunication, the term security kernel has the following meanings:
#In computer and communications security, the central part of a computer or communications system hardware, firmware, and software that implements the basic security ...
'' occupies the innermost and most privileged ring and enforces all mandatory policies. It provides a virtual process environment, which isolates one process from another. It performs all low-level scheduling,
memory management
Memory management is a form of resource management applied to computer memory. The essential requirement of memory management is to provide ways to dynamically allocate portions of memory to programs at their request, and free it for reuse when ...
, and interrupt handling. The security kernel also provides
I/O services and an
IPC message mechanism. The security kernel's data is global to the system.
Trusted system services (TSS) software executes in ring 1. TSS implements file systems, implements
TCP/IP
The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...
, and enforces the
discretionary access control
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to w ...
policy on file system objects. TSS's data is local to the process within which it is executing.
Operating system services (OSS) executes in ring 2. OSS provides Linux-like API to applications as well as providing additional proprietary interfaces for using the security features of the system. OSS implements signals, process groups, and some memory devices. OSS's data is local to the process within which it is executing.
Software is considered trusted if it performs functions upon which the system depends to enforce the
security policy
Security policy is a definition of what it means to ''be secure'' for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms ...
(e.g., the establishment of user authorization). This determination is based on integrity level and privileges. Untrusted software runs at integrity level 3, with all integrity categories, or lower. Some processes require privileges to perform their functions—for example the Secure Server needs to access the User Access Authentication database, kept at ''system high'', while establishing a session for a user at a lower sensitivity level.
Potential weaknesses
The XTS-400 can provide a high level of security in many application environments, but trade-offs are made to attain it. Potential weaknesses for some customers may include:
* Lower performance due to more rigid internal layering and modularity and to additional security checks;
* Fewer application-level features available out-of-the-box;
* Some source level changes may be necessary to get complicated applications to run;
* The trusted user interface does not utilize a GUI and has limited command line features;
* Limited hardware choices;
* Not suited for embedded or real-time environments.
References
External links
* , BAE
XTS-400 EAL5+ validated product pageXTS-400 EAL5+ archived validated product pageXTS-400 EAL4+ archived validated product page*
ttp://www.nsa.gov/research/_files/selinux/papers/inevitability.pdf Paper on the need for secure operating systems and mandatory securityMonterey Security Architecture (MYSEA) a
Naval Postgraduate School
The Naval Postgraduate School (NPS) is a public graduate school operated by the United States Navy and located in Monterey, California.
It offers master’s and doctoral degrees in more than 70 fields of study to the U.S. Armed Forces, DOD ci ...
project which utilized the STOP OS
XMPP & Cross Domain Collaborative Information Environment (CDCIE) Overview multinational information sharing in both single and cross domain environments (utilizes STOP OS)
{{DEFAULTSORT:Xts-400
BAE Systems
Operating system security
Computer security procedures
Evaluation of computers