Year
2001
Abstract
An information barrier allows an automated measurement system to make non-intrusive measurements on sensitive materials by using negotiated threshold values to convert classified numeric results into unclassified pass/fail results. Allowing the Host to supply the measurement system provides confidence that classified information is given paramount protection. Allowing the Monitor to authenticate the system provides confidence that the results are credible. Fundamental to information barrier design is a fully open, or transparent, measurement system. Complete documentation provides the basis for authentication and aids the Host's certification process. One authentication goal is to ensure the system does not contain any generic "hidden switch" feature that the Host could selectively trigger to alter the inspection results so that objects pass erroneously. This paper is based on a review of two US information barrier implementations (TRADS and RANGER) and explores design options that promote openness, enhance inspectability, and facilitate cost-effective authentication. These properties should be design goals. An open-design multichannel analyzer that avoids proprietary internal software and data-transfer formats aids gamma-ray spectroscopy. Both sides can have confidence in the results from data collection and analysis software that is fully documented with complete source code. Confidence increases if the Monitor establishes that all installed software exactly matches a baseline copy prior to each measurement campaign. Without a complete understanding of the controlling software, the Monitor is forced to trust that no subtle "hidden switch" is included. There is little point in merely exchanging trust in the Host's declaration regarding canister contents for trust in the measurement system or the controlling software.
The information barrier (IB) design can aid authentication by reducing the amount of complex software and by using a simple operating system or eliminating the operating system entirely. Problem-resolution protocols can be simplified if a robust design and analysis package is used to avoid unnecessary error conditions. Joint-inspection protocols can be simplified if the system follows good design rules that avoid inspectability problems. Authentication can be more cost-effective if the complexity of multiple computers of different types is avoided. Any reduction in the volume of hardware and software to be understood and inspected reduces authentication costs.
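As an added illustration (not code from the paper, nor from TRADS or RANGER), the following Python sketch shows the two mechanisms the abstract describes: the Monitor's check that every installed file exactly matches the baseline copy, and the threshold step that reduces classified numeric results to a single unclassified pass/fail. The attribute names, threshold windows and file contents are constructed placeholders.

```python
import hashlib

# Constructed example: hypothetical attribute names with negotiated (low, high)
# acceptance windows. The paper names no specific attributes or values.
NEGOTIATED_THRESHOLDS = {"attribute_a": (500.0, 1000.0), "attribute_b": (0.0, 0.10)}

# Constructed example: the reviewed, fully documented software as installed.
APPROVED_FILES = {
    "acquire.py": b"# open-design MCA readout, source fully reviewed\n",
    "analysis.py": b"# spectrum analysis, source fully reviewed\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Baseline manifest agreed before the campaign: path -> SHA-256 of contents."""
    return {name: sha256_hex(data) for name, data in files.items()}


def verify_baseline(installed: dict[str, bytes], baseline: dict[str, str]) -> bool:
    """Monitor-side authentication step: installed software must match the baseline
    exactly. Any added, missing or altered file fails; there is no partial credit.
    Note this only detects drift from the baseline; a 'hidden switch' already present
    in the reviewed source is caught by source review, not by hashing."""
    return build_baseline(installed) == baseline


def information_barrier(classified: dict[str, float],
                        thresholds: dict[str, tuple[float, float]]) -> str:
    """Reduce classified numbers to one unclassified verdict. Only the aggregate
    PASS/FAIL leaves the barrier; which attribute failed, and by how much, is never
    reported, since that detail is itself classified."""
    if set(classified) != set(thresholds):
        # Configuration error, not a verdict: refuse rather than guess.
        raise ValueError("measured attributes do not match negotiated thresholds")
    passed = all(lo <= classified[k] <= hi for k, (lo, hi) in thresholds.items())
    return "PASS" if passed else "FAIL"


def run_measurement(installed: dict[str, bytes], baseline: dict[str, str],
                    classified: dict[str, float]) -> str:
    """A verdict is only produced on an authenticated system."""
    if not verify_baseline(installed, baseline):
        return "NOT AUTHENTICATED"
    return information_barrier(classified, NEGOTIATED_THRESHOLDS)
```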