Re: [Predisclosure-applications] Predisclosure list membership application - AIS, Inc.

[John Connelly <connellyj@xxxxxxxxxxxx>]

Xen Security Team,

 

We have noticed that we have been added to the predisclosure list and would like to thank you for your decision.   If you could update the listing from our website to our company AIS, Inc. that would be appreciated.

 

Thanks

John

 

John P. Connelly | AIS

Operations Manager | Trusted Computing Team

O: (315) 336-3306 ext 520

C: (315) 380-6251

F: (315) 336-3307

connellyj@xxxxxxxxxxxx

 

 

 

 

---

From: xensecurity
Sent: Monday, October 19, 2015 5:38 PM
To: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
Cc: John Connelly
Subject: Predisclosure list membership application - AIS, Inc.

Dear Xen Project Security Team,

 

Assured Information Security, Inc submits this application for acceptance for predisclosure list membership.

 

Name of organization:        Assured Information Security, Inc. (AIS, Inc.)

                                         153 Brooks Rd, Rome NY 13441

                                         315-336-3306

 

Domain Names:

www.ainfosec.com – corporate main site

http://www.secureview.systems/  - Domain owned by AIS, not used

 

Criteria description:  AIS, Inc. is a small business located in upstate New York focused on cyber security primarily in government opportunities.  AIS, Inc. has two primary Xen based products. The first is called SecureView which is a secure workstation developed by AIS, Inc. for the Air Force Research Laboratory.  SecureView is based on the XenClient solution developed originally by XenSource and later transitioned to Citrix Systems. SecureView is a fully accredited Multiple Independent Levels of Security (MILS) platform that is deployed to over 14 DoD and Intelligence communities.  As the primary developer of this product and the classification levels that the platform installed at requires that AIS, Inc. receive as early notice of vulnerabilities that might impact national security systems running on the SecureView platform.

 

In August of 2014 AIS, Inc. entered into a business transaction with Citrix for transition and purchase of their XenClientXT (XCXT)  product line.  As of March 7^th of 2015 that transaction was completed and AIS, Inc. is now the owner and license holder of the XCXT Product. See attached document (confidential) titled “FINAL AIS_Citrix_Asset_Purchase_Agreement”.   There has not as of yet been an official public release of this transition due to restrictions in the binding agreement.  For more information on SecureView capabilities visit the SecureView main page below.  Note: SecureView is considered a government solution and is not commercially sold at this time, AIS, Inc. has received authorization to commercialize a “lite” version of the solution and that IRaD project is ongoing.

 

Web pages/software download:

·         SecureView information site:  http://www.ainfosec.com/secureview/

 

Current customers/users of the SecureView product are less than 2,500.  Expected customers/users based on actual customer’s request should exceed 10,000 by Q4 2016. 

 

A second product that is produced by AIS, Inc. is called IntroVirt.  IntroVirt is a commercial product as well as product used by government customers.  It is a Xen based solution that allows introspection into guest OS from the hypervisor.

 

Web pages/software download:

 

·         http://www.ainfosec.com/introvirt/#

·         https://www.youtube.com/watch?v=r16cYrqTb-Y

 

open-source related projects:  The current deployed SecureView platform uses the Citrix XenClient product as the underlying hypervisor.  On July 30th, 2015 AIS, Inc. released a new version of SecureView (2.1) to AFRL that will replace the XenClient 3.2 product with Citrix open sourced OpenXT hypervisor.  This product is currently going through certification, testing and evaluation (CT&E) with the government accreditation authorities and planned for operation use by Dec 2015.  AIS is the largest contributor at this time the OpenXT community with more than 15 full time contributors.  For more information on OpenXT please visit: http://openxt.org/

 

Evidence of Xen user/distributor: SecureView is considered a government off the shelf solution (GOTS) based on commercial software (XenClient).  The final SecureView platform is listed on the Unified Cross Domain Management Office and is considered export controlled and therefore can not be made available for public download.  Requests for the software must be handled directly.  OpenXT is an open source project and available for public download at  http://openxt.org/.   Development is hosted on Github, Jira, and within google groups.

 

Security handling: AIS has a single point of contact for security related issues xensecurity@xxxxxxxxxxxx and is listed at the bottom of our product page; http://www.ainfosec.com/emerging-technologies/

 

Links to presentations, social media: (due to export restrictions only certain information can be made public)

·         SecureView slick sheet - http://www.ainfosec.com/wp-content/uploads/2013/05/AIS-SecureView-Overview.pdf

·         IntroVirt information sheet - http://www.ainfosec.com/wp-content/uploads/2013/11/AIS_IntroVirt_Nov13.pdf

Security policy agreement:  AIS, Inc. has read the policy related to the predisclosure list membership process and agrees to abide by the terms (confidentiality and embargo process) if accepted for inclusion in the list. 

Single email alias for predisclosure list:  xensecurity@xxxxxxxxxxxx

 

 

John P. Connelly | AIS

Operations Manager | Trusted Computing Team

ainfosec.com

O: (315) 336-3306 ext 520

C: (315) 380-6251

F: (315) 336-3307

connellyj@xxxxxxxxxxxx

 

 

_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications