“Golf Balls”, RAF Fylingdales, TOP SECRET, 1986
Cyber Attack Map, Kaspersky

Intelligence

Cyber

Military Grade Security At Last

Dave Cridland

Technology Strategist

Military Grade Security At Last

Dave Cridland

Strategic Technologist

“Three

may keep a secret,

if two of them

are dead.”

— Benjamin Franklin

“Location 23”

Let me tell you a secret...

Maple Street, Fitzrovia, London W1T 4JZ

51′31″09N, 00′08″20W

UK TOP SECRET

“Dave Cridland”

Let me tell you a secret...

dave.cridland@surevine.com

+44 845 468 1066

UK OFFICIAL—SENSITIVE PERSONAL

NATO CONFIDENTIAL PERSONAL

Churchill on Brevity, SECRET, 1940

Classifications

Policy
Whose terms?
Classification
How secret?
Tags and Caveats
How should I handle this?
Churchill thank-you note, MOST SECRET, 1944

Classifications

“A secret's worth

depends on

the people

from whom it must

be kept.”

— Carlos Ruiz Zafón

Execution order of Josef Bily, CONFIDENTIAL, 1941

Categories

Access Control
“ANTHROPOID” — And Groups, Restrictive
Releasability
“RELEASABLE TO UK, NATO” — Or Groups, Permissive
Handling Information
“TLP:AMBER”, “PERSONAL” — Caveats, Informational

Clearance

Expression of Trust

“Can I trust the holder to handle this?”

Label

Expression of Confidentiality

“How should I handle this?”

Clearance


{
  policy: "NATO",
  classifications: [1,2,3,4,5],
  categories: [
    {
      type: "permissive",
      name: "releasable",
      values: ["UK"]
    }
  ]
};
					

Label


{
  policy: "NATO",
  classification: 4,
  categories: [
    {
      type: "permissive",
      name: "releasable",
      values: ["UK", "NATO"]
    }
  ]
};
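An access control decision over the clearance and label shown above, as an added example (not code from the talk or from Spiffing). The function name acdf, its return shape, the category name "access" and the two variant labels are assumptions made for illustration; the restrictive/permissive/informational semantics follow the Categories slide.

```javascript
// Added sketch: grant only if the clearance covers the label's classification
// and every access-relevant category on the label. Fails closed on anything unknown.
function acdf(label, clearance) {
  if (label.policy !== clearance.policy) {
    return { grant: false, reason: "policy mismatch, translate the label first" };
  }
  if (!clearance.classifications.includes(label.classification)) {
    return { grant: false, reason: "classification not cleared" };
  }
  for (const cat of label.categories || []) {
    if (cat.type === "informational") continue; // caveats do not gate access
    if (cat.type !== "restrictive" && cat.type !== "permissive") {
      return { grant: false, reason: `unknown category type ${cat.type}` };
    }
    const held = (clearance.categories || [])
      .filter((c) => c.type === cat.type && c.name === cat.name)
      .flatMap((c) => c.values);
    const matches = cat.values.filter((v) => held.includes(v));
    // Restrictive is an AND group: the holder needs every value on the label.
    // Permissive is an OR group: the holder needs at least one value on the label.
    const ok = cat.type === "restrictive"
      ? matches.length === cat.values.length
      : matches.length > 0;
    if (!ok) return { grant: false, reason: `category ${cat.name} not satisfied` };
  }
  return { grant: true, reason: "ok" };
}

// The clearance and label from the slides.
const clearance = { policy: "NATO", classifications: [1, 2, 3, 4, 5],
  categories: [{ type: "permissive", name: "releasable", values: ["UK"] }] };
const label = { policy: "NATO", classification: 4,
  categories: [{ type: "permissive", name: "releasable", values: ["UK", "NATO"] }] };

// Constructed variants: a codeword the holder lacks, and a release list without UK.
const codeworded = { ...label, categories: [...label.categories,
  { type: "restrictive", name: "access", values: ["ANTHROPOID"] }] };
const sweOnly = { ...label,
  categories: [{ type: "permissive", name: "releasable", values: ["SWE"] }] };

for (const [name, l] of Object.entries({ label, codeworded, sweOnly })) {
  console.log(name, acdf(l, clearance));
}
```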
						


	
		ACME UNCLASSIFIED Releasable to SWE/FIN/RUS
		
	
	<body>Is it snowing yet?</body>

						
Bletchley Park Decrypt, MOST SECRET ULTRA

Policy

Vocabulary
What classifications, what categories, what tags.
Validity
What tags may I use? Which can't I mix?
Display
Create a display marking from a label
Equivalence
Translate from UK to NATO
Defence against Soviet Threat, TOP SECRET UK EYES A, c.1978

Policy Equivalence

Maintains semantics across organisational boundaries.

Maintains independence between partnering organisations.

“Dave Cridland”

Let me tell you a secret...

dave.cridland@surevine.com

+44 845 468 1066

UK OFFICIAL—SENSITIVE PERSONAL

NATO CONFIDENTIAL PERSONAL

CISP CONFIDENTIAL PII TLP:AMBER

SUREVINE SENSITIVE GDPR

SDN.801 Revision C, US UNCLASSIFIED, 1999

Standards

SDN.801(c) ("MISSI")

ITU X.841

XML-SPIF

STANAG 4774 & 4778

ACP-145(A)

XEP-0258, XEP-0314

RFC 2634, RFC 7444

Himmler Stamps, TOP SECRET, 1945

Spiffing

MIT licensed

Modern C++

XML-SPIF, STANAG 4774

MISSI/ACP-145(A)


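// Load the policy (SPIF) that defines the vocabulary and validity rules.
auto spif = Site::site().load(spif_file);
std::cout << "Loaded SPIF " << spif->name() << '\n';
// Parse a label in any supported format and show its display marking.
Label label(label_string, Format::ANY);
std::cout << "Label: " << label.displayMarking("FR-ca") << '\n';
if (!label.valid()) {
	std::cout << "Label not valid!\n";
}
Clearance clearance(clr_string, Format::ANY);
std::cout << "Clearance: " << clearance.displayMarking() << '\n';
// Convert the label into the clearance's policy before comparing the two.
auto newLabel = label.encrypt(clearance.policy());
// Access control decision: is this clearance sufficient for the converted label?
if (clearance.policy().acdf(*newLabel, clearance)) {
	std::string output = newLabel->write(Format::NATO);
}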
					
Secret Nazi Monks, SECRET, 1942

Testing

Fuzz Testing (AFL)

Data-driven test framework

Valgrind

>90% Coverage, gap analysis

FVEY Formation, TOP SECRET, 1946

Summary

Labels are Awesome

Originator-driven

Data-bound

Autonomy and cooperation

Free code

Please ask a question

It helps with my imposter syndrome