Brussels / 30 & 31 January 2016


Spiffing - Military grade security

No, really this time.

Spiffing is a modern C++ MIT-licensed library for handling machine-readable security labels, of the type used by military, government, and intelligence systems throughout the world. Ever wanted to understand those "TOP SAUSAGE SIGINT RODEO" things you see in the news? Come along and find out.

This lightning talk is not classified, but if it were, Spiffing could tell you not only what classification it was, but what categories were used as well, how to represent that as text and colour, and who would be allowed to see it.

These techniques have been the cornerstone of "multi-level security", the gold standard for high-security systems, for the past three decades, but the specifications are hard to find, often not public, and up until now there have been no freely available implementations. This has limited not only the use of open-source within high-security markets, but also the use of these very useful security practises throughout industry. Spiffing opens this technology to everyone.

This talk will give a crash-dive into what a security label really is, how clearances work, what a security policy is and how it's represented, and what Spiffing can do with them. I'll end with a rapid demo, showing a secure collaboration system built on open-source, that I'll be showing in more detail in the Real-time Lounge throughout the weekend.


Photo of Dave Cridland Dave Cridland