The XFER Service is a software system to transfer files between partitions that have different security classifications. Specifically, the system shall be used to transfer files between to partitions with different classifications. These files will contain information which not all users on both partitions of the system is cleared and authorised for, and will hence be marked with the actual classification level. Only files with classification level releasable to the target domain can be transferred.
The mechanism is based on EAL 4 certified MS Windows 2003, and as much functionality as possible is implemented by standard Windows 2003 Server security functions, to make the functionality of the TOE as small as possible. The two transfer areas are installed on two different servers, one in each partition, separated by an EAL 4 certified firewall. The transfer service is installed on a third server, separated from the two partitions with the same firewall. This server contains the XFER domain, the transfer areas, the Event log and the content archive. All transferred files between the high and low partition will go through this server.