Defense Message System
This article's factual accuracy is disputed.
The Defense Message System or Defense Messaging System (DMS) is a deployment of secure electronic mail and directory services in the United States Department of Defense. DMS is usually operated in conjunction with DMDS (Defense Message Dissemination System), a profiling system that takes a message and forwards it, based on message criteria, to the parties that are required to take action on it. This combination has met with success in the upper echelons of command, since parties do not have to wait for messaging center operators to route the messages to the proper channels for action.
DMS was intended to replace the AUTODIN network, and is based on implementations of the OSI X.400 mail and X.500 directory standards and X.509 public key certificates, with several extensions to meet the specific needs of military messaging. DMS has been coordinated by the Defense Information Systems Agency (DISA), and testing began in 1995. DMS is currently being phased out in favor of MMHS and CMS 1.0. These new programs replace the end-user Fortezza cards with Domain Fortezza, a technology developed by Microsoft.
Amongst other vendors, Microsoft and IBM sell versions of their electronic mail software (Outlook/Exchange and Lotus Notes) that have been tested for compliance with DMS requirements.
Due to its bandwidth and computer equipment requirements, DMS has not seen wide application in the field. However, the Army is currently experimenting with a version of DMS that uses Outlook Web Access instead of a dedicated Outlook solution.
Security of DMS
Compared to AUTODIN, the security of DMS might be much more fragile: commercial software programs such as Outlook or Lotus Notes are notorious for containing buffer overflow bugs. These bugs allow adversaries to execute arbitrary code on the targeted end-user workstations or possibly even the message transfer agents (MTAs). A malicious DMS user could create a message that exploits such a bug in order to install a key logger on the target computer(s). This exploit could then mail keyboard transcripts back to the malicious user, thereby exposing top secret data (potentially including passwords that protect more top secret data). Because of the security problems detailed above, the use of commercial off-the-shelf software for DMS is problematic.
The US government's cryptologic security organization, the NSA, has been doing some research in least-privilege systems (e.g. SELinux), which could reduce the potential of the described threat. Still, a compromised email program could obviously do a lot of harm, even if an SELinux-like system protects the rest of the computer.
Limitations of DMS
DMS was created to replace the AUTODIN messaging system; however, it lacks one critical feature that AUTODIN provided: ruthless pre-emption. In DMS, if Alice introduces a message and there are already 10,000 messages being processed, her message must wait its turn to be sent. This is all well and good, unless her message happens to be a call for help, as in the case of "I am in the US Embassy in Iran and we are being overrun... Please send help!" This lack of pre-emption does not meet all DoD and Government user needs. There is at least one group within the military that is unable to translate all of its messaging needs to DMS because its operations absolutely require pre-emption.