Research Menu

Skip Search Box




Technical Challenge:

To create a user workstation computing architecture based primarily on COTS technology that can function seamlessly under varying levels of information assurance requirements while still presenting an easy-to-use interface, and managed COTS environment.


NetTop® is the result of a significant and continuing research effort based on the technical challenge referenced above. Broadly, NetTop is a building block-based architecture and associated prototypes, predominately based on COTS, and designed to address a series of different information assurance requirements. As a by-product, the NetTop architecture reduces the physical and environmental footprint issues typically encountered in high-level information assurance solutions.

NetTop incorporates typical COTS user hardware and software found in most offices, schools, and homes. This technology is then combined with an underlying host operating system, virtual machine monitor, virtual network hubs, network encryptors, and a filtering router that allows multiple machine environments to run simultaneously and to access multiple networks all from the same physical platform.

Additional research has been performed to address issues associated with the use of "thin clients," methods of providing increased assurance levels, and techniques that can provide failure detection.

The benefit of the NetTop architecture is that it removes security functionality from the control of the end-user OS and applications. Important security functions such as communications encryption can be placed in a separate protected environment that cannot be influenced by user software. Similarly, an isolated filtering router function is used to provide protection from rudimentary network attacks. The modularity of the NetTop architecture and the use of standard TCP/IP networking to connect virtual machines facilitates simple replacement or upgrade of individual components.

Demonstration Capability:

Several prototype configurations have been created as part of the ongoing research effort.

Potential Commercial Application(s):

There are numerous industrial applications for a single workstation that can be used to simultaneously access multiple networks differing in sensitivity levels. Industrial applications also include alternative methods from FIREWALLS for providing information protection, and protected remote access solutions for telecommuting.

Patent Status:

Issued: United States Patent Number 6,922,774 (Updated)

(Updated) NetTop® is one of three Registered Trademark.

Reference Number: 1188

If you are interested in exploring this technology further, please express your interest in writing to the:

National Security Agency
NSA Technology Transfer Program
9800 Savage Road, Suite 6541
Fort George G. Meade, Maryland 20755-6541


Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15 2009