An Open Architecture/Open Business Model Solution for Multi-Level Collaborative Environment
Kent Lindell, Todd Maxcy
Military Aviation Architecture Conference, September 21-22, 2010, RCC-2825(1)

Mission Integration Systems
Capabilities:
• Mission systems engineering and integration
• High assurance and mission critical software and hardware
• High performance computing
• Platform integration
• Mission planning and management systems
• Training and simulation systems
• Unique production and repair
Key Solutions and Programs:
• Advanced Mission Computers
• Common Display System (CDS)
• Common Network Interface (CNI)
• Data Storage Systems
• Joint High Speed Vessel (JHSV)
• Independence-Class Littoral Combat Ship (LCS)
• SSBN / SSGN Weapon System
• Submarine Weapon Control System (WCS) and Tactical Control System (TCS)
• Surface Electronic Warfare Improvement Program (SEWIP)

General Dynamics C4 Systems: Platform Security Solutions
Cyber and Mission Assurance solutions "Core-to-Edge": high assurance security solutions for all warfighting platforms. Security for products, networks, platforms and operation centers.
• System security engineering
• Security architecture, design, and integration
• Risk management
• Certification and accreditation: NSA Type 1, FIPS 140-2; DIACAP, NISCAP, DoDIIS, SABI/TSABI; Unified Cross-Domain Management Office; ST&E and CT&E testing
• System anti-tamper (AT)
Key products and technologies:
• Multi-level and cross-domain network solutions
• Data-at-rest encryption
• Key and identity management solutions
• Avionics and tactical comms encryption
• High-speed IP (HAIPE), ATM, and SONET encryptors
• Family of Advanced Core Cryptographic Technologies (FAC2T)

Transition to Net-Centric Collaborative Warfare
[Figure: traditional warfare versus collaborative warfare. Collaborative warfare requires the following.]
• Support for IP data links and MANET
• Support for link translations
• Support for computer network defense
• Support for QoS and traffic management
• Support of collaborative warfare applications
• Support for service oriented architectures
• Support for border services and network aware applications
• Support of multi-level security
• Need to protect the legacy environment
• Support for HAIPE black networks
SNAP enables collaborative tactical network operations and assured interoperability.

Secure Network Architecture and Processing (SNAP) Introduction
SNAP provides a robust high assurance information assurance infrastructure:
• Provides an MLS network supporting MILS/MLS processing
• Based on secure labeling that is cryptographically bound
• A core Trusted Security Engine (TSE) is reused across the multiple security elements, providing mandatory access control
SNAP benefits:
• Provides an Open Architecture/Open Business model
• Allows applications to be ported without knowledge of the underlying security
• Leverages COTS industry investment
• Reduced system costs
• Reduced certification costs and risks
• Low SWaP
• Scalable solution
• Provides a very flexible IA infrastructure

SNAP Guiding Principles
Certifiable
• Guiding principles/issues: support cost sensitive platforms; support incremental IA additions; provide IA flexibility to meet a large number of mission profiles
• SNAP mandates: certified HA security elements; loosely coupled architecture; standards based
• Benefit: reduced certification costs; reduced logistic cost due to reuse; allows incremental IA additions based on fiscal reality; changes the IA paradigm to mission enabler
Configurable
• Guiding principles/issues: support a wide variety of platforms, UAV to surface/sub
• SNAP mandates: low SWaP architecture; mezzanine based security elements; COTS-based network/processing elements; standards based
• Benefit: reduced NRE cost due to reuse of the architecture across multiple platforms; risk reduction due to reuse; reduced schedule
Scalable
• Guiding principles/issues: support advanced platforms and legacy platforms; support for economical technology insertions
• SNAP mandates: 1 Gbps / 10 Gbps; COTS based network/processing elements; re-use of certified HA security elements
• Benefit: affordably increase system capability to meet changing requirements; minimize obsolescence risk
General Dynamics approach: a high assurance infrastructure that is certifiable, configurable, and scalable.

Security Segregation Enables a Cost Effective IA Infrastructure
Information assurance segregation:
• COTS/NDI base cards provide basic functionality
• High assurance functions are provided by separate composable, loosely coupled HW and SW elements; coupling to COTS occurs over open interfaces
• Allows an evolutionary, scalable approach and minimizes recertification costs
• Processing elements can be added or upgraded with mitigated impact to deployed systems
[Architecture diagram: Open Network Interface and Open Platform Interface; MLS NIC, MLS HAIPE and MLS Switch as high assurance elements on COTS processors; black router and link controller; MILS and MLS processing; platform CDS; I/O mezzanine and I/O module. Legend: COTS/NDI, High Assurance (HA), Platform Customized.]

Scalable and Configurable for Airborne, Sea, Land, and Undersea Tactical Platforms
HA composable components: MLS NIC, MLS Switch, MLS HAIPE®. Applicable from command and control to 5th generation platforms and small form factor systems.
The architecture must be scalable, configurable, reprogrammable and flexible to support the legacy to net-centric mission.

Secure Network Architecture and Processing: High Assurance Multi-Level Platform Solutions
Flexible approaches for new solutions or major modifications (certifiable, configurable, scalable).
MLS NIC and MLS Switch:
• Labeled IP option
• Scalable processing
• Scalable mass memory
• Virtualized processing functions
• Significant SWaP benefit
• Enabler for support of a high number of security enclaves
• Computer network defenses (IPS, firewalls)
• SOA components
• Translation software
• Network management
• Secure OS agnostic
• Processor agnostic (x86 or PPC)
• Maximizes processing efficiency
• Reduction in costs by consolidation of processors
Cross Domain Solution:
• Guards, diodes, graders, downgraders
• Necessary for moving data into MLS applications
• Transfers data from system high to the multi-level environment
• Tactical browser
Encrypted Storage:
• Minimal declassification time
• Supports mobile classified data

Secure Network Architecture and Processing: Notional Tactical Implementation
Adding net-centric computing to legacy platforms.
Net-centric applications:
• IP-based functions enable cross platform translation
• Distribution of data increases effectiveness
• Minimize impact to legacy platforms
Net-centric applications can be supported with the supplemental processing:
• Scalable functions
• SNAP architecture enables control points for computer network defense
• SNAP is an evolutionary, high-speed, low-latency, multi-level solution

Notional "Wide Body" C-2 Platform Implementation
MLS network:
• Support for legacy networks
• Can incrementally add multi-level infrastructure
• Can leverage existing capabilities
Support for sensors and roll-on pallets:
• Can support single level or multi-level roll-on applications by setting the MLS Switch security policy appropriately
• Can support single level legacy sensors or new multi-level sensors by setting the security policy appropriately
[Diagram: existing networks behind HAIPEs feeding encrypted network comms; single level sensor inputs and roll-on apps attached through the Open Platform Interface to MLS x86 and MILS PPC processors and a secure NAS; each sensor and roll-on app sits in its own security enclave or COI, MILS or MLS. Legend: encrypted.]

SNAP Supports Spiral Security Insertions to Support Fiscal Constraints
[Diagram: three stages of the same platform architecture.]
• MLS architected, system high: COTS processors, black router and link controller, switch, open network and platform interfaces, platform CDS, I/O mezzanine and I/O module
• ADD: MLS HAIPE, MLS Switch, HA control interface software, giving moderate collaboration warfare; the IA infrastructure enables collaborative information exchange
• ADD: HA SK, MLS NIC, multi-level workstation, giving high collaboration warfare; a framework to support current and future applications, e.g. collaborative warfare applications such as NCCT
An evolutionary secure network architecture allows affordable security technology insertions.

General Dynamics' MLS Efforts
Planned assurance levels:
• Type 1 for HAIPE®
• High robustness, high assurance for key TSE components of the architecture
• Type 1 for data-at-rest
Trusted labeling study:
• Performing on contract for a trusted labeling investigation
• Researching existing trusted labeling and making recommendations on modifications to support a standardized approach to multi-layer secure networks
• Seeking to harmonize labeled network internal research and development with the trusted environment
Active member in the FACE Consortium.

Technology Demonstration
Join us in the exhibit area.
• The SNAP demonstration highlights the operational benefits of high-assurance, multi-level network solutions ideal for SWaP constrained platforms
• SNAP extends recent advancements in multi-level computing to the network, including high-assurance, multi-level network encryption
• Includes General Dynamics' Close Air Support and situational awareness applications running on MILS COTS processors

Points of Contact (Technical and Business Development)
• Kent Lindell, 952-921-6328, [email protected]
• Mark Grovak, 952-921-6115, [email protected]
• Michael Hohman, 480-441-6861, [email protected]
• Tom Plachecki, 480-441-8477, [email protected]
All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. & Tm. Off.
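The SNAP introduction slide describes labels that are cryptographically bound to the data and a TSE that enforces mandatory access control, and the C-2 slide notes that single-level sensors are handled by setting the MLS Switch security policy. The following toy Python switch is an added illustration of those two ideas, not General Dynamics' SNAP or TSE code: it binds a label to each frame with an HMAC, stamps the port's configured label on single-level inputs, and applies a lattice dominance check before delivering to a destination enclave. The label encoding, the HMAC binding, the level names and the port configuration are all assumptions.

```python
import hashlib
import hmac
import struct

# Hypothetical level ordering; compartments stand in for security enclaves / COIs.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
TAG_LEN = 32  # HMAC-SHA256 digest length

def bind_label(key, level, compartments, payload):
    """Frame = len(label) || label || payload || HMAC(key, everything before the tag).
    The tag binds the label to this payload, so neither can be changed in transit."""
    label = (level + "|" + ",".join(sorted(compartments))).encode()
    body = struct.pack(">H", len(label)) + label + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def parse_frame(key, frame):
    """Verify the binding; return (level, compartments, payload), or None if tampered."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    n = struct.unpack(">H", body[:2])[0]
    level, comps = body[2:2 + n].decode().split("|")
    return level, frozenset(c for c in comps.split(",") if c), body[2 + n:]

def dominates(clearance, label):
    """Lattice check: clearance level >= label level and it holds every compartment."""
    (cl_level, cl_comps), (lb_level, lb_comps) = clearance, label
    return LEVELS[cl_level] >= LEVELS[lb_level] and lb_comps <= cl_comps

class MLSSwitch:
    """Toy MLS switch: each port is configured with the label (clearance) of its enclave."""

    def __init__(self, key, ports):
        self.key = key
        self.ports = ports  # port name -> (level, frozenset of compartments)

    def ingress_single_level(self, port, raw):
        # Legacy single-level sensor: stamp the port's configured label and bind it.
        level, comps = self.ports[port]
        return bind_label(self.key, level, comps, raw)

    def forward(self, frame, dst_port):
        # Mandatory access control: verify the binding, then check dominance (no read up).
        parsed = parse_frame(self.key, frame)
        if parsed is None:
            return "DROP: label binding failed"
        level, comps, payload = parsed
        if not dominates(self.ports[dst_port], (level, comps)):
            return "DROP: destination does not dominate frame label"
        return payload
```

A frame whose label has been rewritten in transit fails the HMAC check before the policy is even consulted, which is the property the "cryptographically bound" label is meant to give the switch.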