SWIPSY
SWIPSY was a firewall toolkit produced by the Defence Evaluation and Research Agency in the UK[1] (later QinetiQ). The SWIPSY toolkit was an ITSEC E3 (equivalent to Common Criteria EAL4) evaluated product[2] that allowed additional code to be added to its security ‘compartments’ without affecting the evaluation status of the toolkit itself.
SWIPSY had security properties that assured network and process separation. In particular processes communicating with one network could not communicate directly with the other network other than by ‘trusted mover agents’ that in turn force data to be passed to the format and content checkers. SWIPSY ran on a Trusted Solaris 8 platform, utilising its Mandatory Access Controls to enforce separation between compartments.
SWIPSY, which stood for SWitch IP SecurelY, was used to build an SNMP firewall system[3] called MIDASS.[4]
SWIPSY technology was licensed by Clearswift for use in its Deep-Secure line of guard products.[5]
SWIPSY was used as the basis for a guard for the Citrix ICA protocol by QinetiQ.[6]
References
- Dean, Tim; Wyatt, Graham (April 2004). Information Exchange between Resilient and High-Threat Networks: Techniques for Threat Mitigation. RTO IST Symposium on “Adaptive Defence in Unclassified Networks”. Toulouse, France.
- "SWIPSY Firewall Platform Security Target" (PDF). August 2000.
- "Management In DomAin-based Secure Systems (MIDASS) (United Kingdom), Encryption and security".
- "MIDASS: Management in Domain Based Secure Systems" (PDF).
- "Directory of Infosec Assured Products" (PDF). October 2010.
- "SyBard ICA Guard" (PDF).