Metanate were contracted as the principal developers for a military-grade e-mail gateway, designed to pass e-mail between two networks with different security classifications and provide assured separation. The gateway provides comprehensive e-mail vetting supporting:
The gateway was implemented initially on Sun Trusted Solaris (where it was evaluated to a Common Criteria EAL4 Security Target) and was later ported to Sun Solaris 10 with Trusted Extensions.
The gateway is responsible for policing and auditing the e-mail traffic, and for applying rules (checks and modifications) defined in a hierarchical policy according to the sender and recipient addresses.
The gateway supports a wide range of checks on messages, including:
A generic interface to a cryptographic service was implemented to handle S/MIME signatures and encryption, and to look up and validate X.509 PKI and attribute certificates in an LDAP or X.500 directory.
Policy application may modify messages for onward transmission, for example to delete prohibited attachments or add standard disclaimers. Prototype support for automatic redaction of XML documents containing sensitivity-labelled sections was also developed. Messages may also conditionally be quarantined for an administrator to review and release or discard.
Graphical administration applications permit authorised administrators to define the policy and monitor the gateway operation, and to define X.841 security labelling policies.